Report - 1wytvn.life/casino/play/aviator]

Report Overview

Submitted URL
1wytvn.life/casino/play/aviator]
IP
190.115.24.78
ASN
#59692 IQWeb FZ-LLC
Submitted
2024-04-18 10:38:41
Access
public
Website Title
1win
Final URL
1wytvn.life/casino
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
446

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.no	25607	2001-02-26	2016-04-05	2024-04-18	586 B	578 B	142.250.74.163
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-17	1.7 kB	866 B	216.239.34.36
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-04-17	474 B	511 kB	142.250.74.131
1win-cdn.com	unknown	2022-12-12	2022-12-12	2024-04-13	107 kB	3.1 MB	154.197.121.128
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-18	1.8 kB	356 kB	142.250.74.40
eu.i.posthog.com	unknown	2020-01-23	2024-02-20	2024-04-18	2.7 kB	3.3 kB	3.125.75.228
d16q5vvir3f28d.cloudfront.net	unknown	2008-04-25	2024-01-17	2024-04-18	451 B	4.5 kB	143.204.42.118
imgproxy.1win-cdn.com	unknown	2022-12-12	2022-12-22	2024-04-13	22 kB	347 kB	188.114.97.1
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	403 B	1.3 kB	142.250.74.164
1wytvn.life	unknown	unknown	No data	No data	6.1 kB	562 kB	190.115.24.78
1win.direct	unknown	2022-08-16	2022-08-16	2024-04-18	1.2 kB	468 B	134.122.54.186
eu.posthog.com	unknown	2020-01-23	2022-10-06	2024-04-15	400 B	48 kB	143.204.55.110
static-adm.1win-cdn.com	unknown	2022-12-12	2023-05-22	2024-03-03	1.4 kB	240 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	1wytvn.life	Sinkholed
2024-04-18	medium	1wytvn.life	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1wytvn.life	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1wytvn.life	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1wytvn.life	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1wytvn.life	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1wytvn.life	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1wytvn.life	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed
2024-04-18	medium	1win-cdn.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (88)

	URL	Size	First Seen	Last Seen
	1win-cdn.com/js/chunk-vendors.4518b2e7d.js	231 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/chunk-vendors.4518b2e7d.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-04-18 12:48:00 Times Seen18 Hash c4b15f512b08aa602a53b6e6d8f7d674 60460221425a34a40643a5ffcc12e92f8cf7aaf3 03aee039311e09271504896f7eba4ef4940489c4ed416e84832ac8926e3c4139 Loading...

	1win-cdn.com/js/9019.6eaa01ac4.js	11 kB	2024-04-18	2024-04-19
Pretty URL 1win-cdn.com/js/9019.6eaa01ac4.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:58:05 Last Seen2024-04-19 16:01:32 Times Seen6 Hash 0b5f842702b9320c6bc016bc272af61b 185c09f2b20243d500af6149922e8f77e27dc905 abd67b9dc4642d4efda8a7f8a9aae62acbbc1a654202378a7af175d5806830f7 Loading...

	unknown	280 B	2023-09-09	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-09 23:12:45 Last Seen2024-05-01 00:06:19 Times Seen598 Hash ccf8800179f76f96ab5ee9e2c31b34c9 bc8b036511560d2555772f2e5ce950ddc183fe1f 04598a52f743aceb0cd6af79dfa45e23b4f05f205f5c3814962e56a0225b90a1 Loading...

	1win-cdn.com/js/56657.79f59e0fd.js	48 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/56657.79f59e0fd.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:06 Last Seen2024-04-18 14:37:35 Times Seen5 Hash 1332cae948c13077c6e02fc079150172 147e53668d72e210cb57ec9bb4f2e293517ec21a 7bf9303570979df0815afe8299ab6718b42617bbbaf7857a0602d64b9dc5c1f8 Loading...

	www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c	198 kB	2024-04-18	2024-04-18
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:51 Last Seen2024-04-18 12:38:52 Times Seen2 Hash a99f0ae21bdce1ba33bb645aa50c60d4 91f098df802dda8eba697500b8ef30e1f8898503 8214cb646ef50fd0ae999172f4ce04eb8e52d9f97bbd2dd836ad661d6686c145 Loading...

	1win-cdn.com/js/72949.472bec630.js	878 B	2023-12-02	2024-04-28
Pretty URL 1win-cdn.com/js/72949.472bec630.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:13:54 Last Seen2024-04-28 19:32:25 Times Seen84 Hash 5765adfdb893083861d6d1beb08074d4 8931c416328724d98eadef87c8125044b4180eec b2f923dc50f9abd2d7afceebf9868e65eb8ba6b787a57320292ae2a5dae5a661 Loading...

	1wytvn.life/casino/play/aviator]	388 kB	2024-04-18	2024-04-18
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 12:06:04 Last Seen2024-04-18 12:47:58 Times Seen7 Hash 88d19ca5e246392bf7b6b88ed65a819a cd037b3ff828c81067aeb5fa492d85b3cd6eabbd 4005932c37275df1d2647b24fb37f7ab641083f672c51ed96167751ca39cc181 Loading...

	1wytvn.life/casino/play/aviator]	275 B	2024-04-18	2024-04-18
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 12:22:45 Last Seen2024-04-18 12:47:58 Times Seen4 Hash d6fb44f11d974bf25a6af45d9fca949e be061274e18a035925b1abec876f628620e6a29a 7787f43703d69944202d97572bb52defb925a2d14acb07a5a1326c2d0229a024 Loading...

	1wytvn.life/casino/play/aviator]	25 B	2023-07-19	2024-05-01
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-01 00:06:19 Times Seen725 Hash 2a9c68b4e7022ff8ab044251b6be11b0 6ca1d5c1984d89a849b7aafd0cc76b1efe8d77dc 6cfd8751a565c9e7d402eaa68a6d30afdf9967813d60cc28d655578e1bec7b9c Loading...

	1win-cdn.com/js/57652.297e4ecc2.js	647 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/57652.297e4ecc2.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:18 Times Seen367 Hash 216ec24dc6b69039aa6f2ffe247e3d23 a699b435adab6e2d4e00853d5bb26ecc4e3599dc b3448f22c1183376e60f5959e8eeb55db3157f8ce74e60e72cb8b3b0db97ea50 Loading...

	unknown	320 B	2024-04-18	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-01 00:06:19 Times Seen43 Hash 604b6a04bbd64c0897092ed7e30023bd 135732431cb91633a7fd90695a1ed085247b9564 02ddf8ff988206010b70dd08d64c44f99fbb459d3ae4cf60e41ded1cf1a995a0 Loading...

	unknown	421 B	2023-03-12	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:22:06 Last Seen2024-05-01 01:57:19 Times Seen1397 Hash dc37ec839376756d26f9c8925e173ac0 c7aff54b91a363e452e3338b3cf8441b3a82cbbb f139f19f43bcda296441234e4cb82550d94bde81758de7cf37bfe55df1c96717 Loading...

	unknown	170 B	2024-04-18	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:51 Last Seen2024-04-18 12:38:51 Times Seen1 Hash 749e303b7c83df79fbdc5a530d80006f acedf20c1a8781d3e6d4c37e4aafefbb709e666a 7d234d9a56c27fdf5477f57868680fdaf59ac9a5b50a2b0c944a13e76c6c0324 Loading...

	1wytvn.life/casino/play/aviator]	6.2 kB	2024-04-18	2024-04-19
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 07:36:05 Last Seen2024-04-19 16:01:28 Times Seen13 Hash 406ca898b2d32a9cb7603479948ff2fc 1b2d68425d2b05ed6cb2050b79c27d4f5eec58f1 51a3d10d259143497522221e6132b7d40a390b72b32ad6c522dcbd8bbab9ee67 Loading...

	1win-cdn.com/js/index.412051145.js	185 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/index.412051145.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:22:44 Last Seen2024-04-18 12:47:58 Times Seen4 Hash 67c1db3a6518c3997ad954cc086395bd 955c3b96db5ebb3f55a737b53cd3c83a1f57b497 e7ca99c3038531e04cc63121ac3e8c1290d25ab9205b820482e1e7e9b5a85f84 Loading...

	1win-cdn.com/js/33700.8f8589382.js	992 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/33700.8f8589382.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen362 Hash cca468f1fe1bebf60fb88dadcdb78142 a7c820f160c6a07b014972f8aa63e9b38f6b7ec3 0093434135f55115e84e92ac20ecc0af0ff6f9e200cc6cedbbb9d52c3504d678 Loading...

	1win-cdn.com/js/62791.4c6b613ab.js	20 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/62791.4c6b613ab.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:51 Last Seen2024-04-18 12:38:51 Times Seen1 Hash a66028ecd0e41061ab34fe2e502cdace 56da0612915be464ebc824dd989ded23d4b4bc15 f4e277a0265e74ccf057c7173f94b6082a8bcddfbbdc6693ee99939d6d8e7860 Loading...

	1win-cdn.com/js/35004.f2354cf98.js	23 kB	2024-04-13	2024-04-28
Pretty URL 1win-cdn.com/js/35004.f2354cf98.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 04:29:33 Last Seen2024-04-28 19:32:26 Times Seen14 Hash 440799cf0cd0e366ced388bd521b581c a3a9b113dd83cebcc40b06d91e844e1fa28a249f f861a31438a3a102068b510126db9703e696203c7aa027312910ea94c9772ddd Loading...

	1wytvn.life/casino/play/aviator]	87 B	2023-07-19	2024-05-01
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-01 00:06:19 Times Seen728 Hash 3795446a4317a989b0632a668bb1a334 56d14bb87a67b3ceb620bb61633db5e43099bd33 d28b1d0dcd44e2fdbb9ed061c9c7f5e0e0595e93b092464d38d76e335de3aed5 Loading...

	1win-cdn.com/js/18860.d3e8c1777.js	28 kB	2024-04-18	2024-05-01
Pretty URL 1win-cdn.com/js/18860.d3e8c1777.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-01 00:06:21 Times Seen76 Hash 4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e Loading...

	1wytvn.life/firebase/8.1.1/firebase-app.js	20 kB	2023-03-07	2024-05-01
Pretty URL 1wytvn.life/firebase/8.1.1/firebase-app.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-01 00:06:19 Times Seen2047 Hash 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce Loading...

	1win-cdn.com/js/37061.4706f0db4.js	25 kB	2024-04-13	2024-04-26
Pretty URL 1win-cdn.com/js/37061.4706f0db4.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 04:19:49 Last Seen2024-04-26 17:36:12 Times Seen69 Hash fea412cd3a087cd0adfdfe6b1bea44ff 456a1a717440c0724e385a28530602b16d0a6d79 3afba0d7cf4300653b9f75bbbdc8f22807f566ede08dffe32a887844f6174a47 Loading...

	1win-cdn.com/js/72947.f133d7870.js	7.1 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/72947.f133d7870.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:51 Last Seen2024-04-18 12:38:51 Times Seen1 Hash acab4c06de5930e1e61957c57c5dd720 eba175cfa49cb8e08add68a837fc3172c9f47855 bd0a3c49f970995b2d26b36bfc1bcde1d4ee3498bbff81cfe49ff0f2f2446ea4 Loading...

	unknown	409 B	2023-03-10	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2024-05-01 01:57:19 Times Seen1396 Hash efc54365d1ba6c4fb4bdf7ea1996bdbd 9f89f3485cd56eac910d9c0d6f9bd3b201074e24 da89215c040a91b80faf28d6030c58dab9d599794ef9bd1feba0fb01c621cf40 Loading...

	unknown	351 B	2024-04-18	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:06 Last Seen2024-05-01 00:06:19 Times Seen43 Hash 003a98f80ebb1ce49eec0dc541b1f6cc b2e5d2f6337980e0706fd4f3b5934312ebb1126d 49340d31db7e883167a7e4feb1636ee431aca49bd18316d9842b82b43776a454 Loading...

	unknown	351 B	2023-10-25	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-25 01:40:40 Last Seen2024-05-01 00:06:19 Times Seen53 Hash 50725e8bd51942770349d377e402887e 6fc749ca36fea5616e06fad9c3d730b40501ef97 480c402fbf1153a0a745e8cd392330a938c972ee0302364e3a252fd90c58f719 Loading...

	1wytvn.life/casino/play/aviator]	524 B	2023-10-13	2024-05-01
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 04:25:36 Last Seen2024-05-01 00:06:19 Times Seen572 Hash 1cba076a7bc43f6c027239039206c8e3 b51a0930ec4aa4c5317c4771ade558fadec24239 c716ec7c8a8774ae64a4dc26521542f54ab78b436008474e797b7136299c9407 Loading...

	1win-cdn.com/js/90206.e6b56ddaa.js	12 kB	2024-02-20	2024-05-01
Pretty URL 1win-cdn.com/js/90206.e6b56ddaa.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 22:52:50 Last Seen2024-05-01 00:06:19 Times Seen102 Hash 9b6c6ae255b71f876728a060c7a65d30 62487ce812d8cde4b41e55f4322e495288f52c8e 1122edc87ebd6ab526c31112f0eea970aa0a58adf924e3c44791d43be0292291 Loading...

	1win-cdn.com/js/28852.501b5fba6.js	906 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/28852.501b5fba6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen367 Hash 8c454f4f9b542fe39f23206bc649d0ad 5c87d1e9b3f6f05694adea0524cd5c421222b368 429057a98cbc1fc117e33580ec952a3b52377602b06e702e1099b11891183cf9 Loading...

	1win-cdn.com/js/90511.4bc374431.js	637 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/90511.4bc374431.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen369 Hash 453f1fb8f8c37b6c5c54c40e87dd038b d91d34e4b68e63be767a3ce9cd34eaa3dd41172d 52fd79478fc6b3e236a696d22135ed0c09100b9e25ff9bf93fca315d9d4ba1de Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7	361 kB	2024-04-18	2024-04-18
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:51 Last Seen2024-04-18 12:38:52 Times Seen2 Hash c0f00b8ccaa092bcd8ee5590c4e09e14 2d6c10eb2ef421b269e08e27038c776caf68d9ad d97d80dfa1bf215e3c48540723d04ba81facf17931f86dd8af1c4c5e283b7cf6 Loading...

	unknown	316 B	2024-04-18	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-01 00:06:19 Times Seen43 Hash 51e2b24c7620b63ffea046457fbc4af5 d9bcd9eb3b1a690e47f50fa5ba6383b3bc53b1a6 147b62c7a4294c2c35bc4030c5fd6ad0601b851f35879596b29e4215a3d63cc6 Loading...

	1win-cdn.com/js/56476.aa39174a9.js	9.4 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/56476.aa39174a9.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:06 Last Seen2024-04-18 14:37:35 Times Seen11 Hash 0c49da310b58d2f6267bd06007cbfc68 93b16586d62e30d29d7196bb536cc89e4ac267ba 821161543ad39c816e66b358df821627145ac0ee70fe8c4f3e6ffa706be6d6d7 Loading...

	1win-cdn.com/js/desktop.a06c8f917.js	137 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/desktop.a06c8f917.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:22:45 Last Seen2024-04-18 12:47:59 Times Seen7 Hash 5d1ad16b31edf980a841c376c1d72309 38935040d5920f126bb513057c2608707a152cf1 492a1ba920f78d2b9fd9fc0fda5056546f9de9cff5f54797e0bccc82aa0001d5 Loading...

	1win-cdn.com/js/86359.48c462178.js	634 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/86359.48c462178.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-01 00:06:19 Times Seen358 Hash a9c94358d9375f9d5d2475ee6c117033 ab71f0dfde4e0ea9e5a78c68934867a868f36a8a f4a61473edf04efa0863e90c136ec67d5fcb0f78eae6a2cecdb477669c06033c Loading...

	1win-cdn.com/js/1670.fbaee7667.js	8.9 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/1670.fbaee7667.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:51 Last Seen2024-04-18 12:38:51 Times Seen1 Hash 9a69bb89677cb89fa79b875082fa7234 98d2c4f06a5baca3e1f60a03ebad3a32a3e6e26c 47b4917d37e57e4ddc0453bdce275a5df7911c1c335888b57788860e20b600b4 Loading...

	1wytvn.life/casino/play/aviator]	113 B	2024-04-18	2024-04-18
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 12:22:45 Last Seen2024-04-18 12:47:58 Times Seen4 Hash 171a09b8a6cc5a3a32b6134fcf55f600 1a83e0703d7a4bb6fea8f813ae63b6e209941555 f147c6e625a02750fd56bd748a1fb9daf755043ba3bdf677f555d88749f3f72a Loading...

	1win-cdn.com/js/39769.f5dc245b0.js	672 B	2023-12-02	2024-04-18
Pretty URL 1win-cdn.com/js/39769.f5dc245b0.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:19:46 Last Seen2024-04-18 12:38:51 Times Seen6 Hash b0936ec824cb64f2b93c35c36f823d5e 5a517aa4a663b9da7c95f687543bf0b85925d581 89e1f9728dec134acff9dd5b17b3ac8a6284f5158246e71203b8b9b26a8629a3 Loading...

	1win-cdn.com/js/46665.703cfe1de.js	1.0 kB	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/46665.703cfe1de.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:18 Times Seen365 Hash a8e8453b85165d96566b9b00409adb90 ba4c50613470a3fc260501bdc9fedad671c0c21b c7909ffee12406973b236af27c311a6b83d035e1b134ff32a56c918195194c1b Loading...

	1win-cdn.com/js/1279.7681fe15f.js	911 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/1279.7681fe15f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen373 Hash 28141e290f6ef740409a896799581b45 68034ac9fe2c0e71bb8ccc868540963adf4ebc7f b563de728f7ad9022ef94968360931749d32898f02f524b66a73c2630126f4a3 Loading...

	1win-cdn.com/js/68578.08cd62539.js	2.1 kB	2023-12-02	2024-04-28
Pretty URL 1win-cdn.com/js/68578.08cd62539.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:13:54 Last Seen2024-04-28 19:32:26 Times Seen88 Hash 5dc7dc45a000b7662f98db831f452cdc 575d6ef565adbb0d11cb576606cb6d15820b5154 3c61dbdff4f6f185becac04459d27f953b565d0e0cc2e491992c620a903bef33 Loading...

	1win-cdn.com/js/89004.f9fc8712e.js	474 B	2023-12-02	2024-04-18
Pretty URL 1win-cdn.com/js/89004.f9fc8712e.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:19:45 Last Seen2024-04-18 12:38:51 Times Seen6 Hash dd2807a0266858fd1afa3840fd147724 5cb5e42e647dd89bced81368e2652b377055aa7a 3d1d56fe18bede1d37330cc1848d21ec4d03e36bd5924183349cfe6a6f65a7eb Loading...

	1win-cdn.com/js/57460.093f52cba.js	438 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/57460.093f52cba.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen358 Hash 3940ad901c872d13b3f221d5d1753c90 d9543432f353b875d90ba22a0fe5d7edf3870d12 ffea5f4a3b9b89527a8eaa3be89086ffcb058b987b84dd614f314ec461a7b601 Loading...

	1wytvn.life/casino/play/aviator]	168 B	2023-12-28	2024-05-01
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-28 18:15:05 Last Seen2024-05-01 00:06:19 Times Seen239 Hash 457845cec6d736fd4ef36c7ef4b151f2 07936d0ba74365a8800c77fef3fb1407ec380ce5 bdb9495702f089c6d0a6d88e2e925a54c5ed3bb903835340562ce54d54dbd7e1 Loading...

	1wytvn.life/casino/play/aviator]	4.2 kB	2024-03-30	2024-05-01
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-01 00:06:19 Times Seen54 Hash f03d5c5d4651c5185cf95e29770acbf4 d228cd1a34da6c7d7a6fc2c3b3691d3578bd92f4 5ba081585bdcc91f38ed16b0cbdbf9dbfb3aef0886a4afa935f0a08ddf467088 Loading...

	1wytvn.life/casino/play/aviator]	4.9 kB	2024-01-25	2024-05-01
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-25 13:18:38 Last Seen2024-05-01 00:06:19 Times Seen158 Hash e39e4e132bab588b54ac8c01ee1cb792 507d529821627dea59889e1d2557482357d13902 26314cf2ae26676e29acce35b798159216131c0d472c11651870d02526f9d210 Loading...

	1win-cdn.com/js/11420.38ac09d66.js	127 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/11420.38ac09d66.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:07 Last Seen2024-04-18 12:47:58 Times Seen17 Hash e17fa558b9dfe0726904ef1cbb1ee1cf 1ae17901c3c502bd950e6982aa6e75659d8c6305 f8bfbeb930700f2f81f72c38b1985cd949bd322145e15d05f9b815c9a7f4d7cd Loading...

	1win-cdn.com/js/31310.c605a9b9f.js	528 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/31310.c605a9b9f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen372 Hash a81a1029c765d56df809940586f5ebf2 0af374464f6a4ad7af03cbe18ade0125c6b9fbc7 441aab7f91c07adfafb38da23b57e3787bf49c465f11afbf282a0825edec500f Loading...

	1win-cdn.com/js/66512.d3b9afb82.js	759 B	2023-12-02	2024-04-30
Pretty URL 1win-cdn.com/js/66512.d3b9afb82.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:13:54 Last Seen2024-04-30 05:54:54 Times Seen117 Hash 75849d467c18e26699573d2d823f193c 69f6a598f978eeda746b3350f5e43a03a54ac279 a4c328462dbca74675368436ef8edcb069dc592bddb24f173a5329c1c4a27742 Loading...

	1win-cdn.com/js/78449.1776bac9f.js	786 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/78449.1776bac9f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-01 00:06:19 Times Seen377 Hash c9e05b247ec4862225558c72b113350d 7708f2815c38e06b3f5ed4e9c6c98622b69e3f4a ba979bcf79cb56027207dfba2cb71ac9b41ad1f38b55a0977f72091dddaa6486 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c	246 kB	2024-04-18	2024-04-18
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:51 Last Seen2024-04-18 12:38:52 Times Seen2 Hash 429285219bfbb289b79f150a9917c644 2db0b297df5869aaa543de9259bfa4fe54d04a7d d7d3696100a0861d7785f0525e71e6f0177fc59068a8033c5f257dadd53e1cbb Loading...

	1win-cdn.com/js/14681.3d5bceb66.js	589 B	2023-12-02	2024-04-28
Pretty URL 1win-cdn.com/js/14681.3d5bceb66.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:13:54 Last Seen2024-04-28 19:32:26 Times Seen84 Hash 5a5662eb1c58c0b13d55e9f4e88e8fb4 8389871d5e633edef40352e4ac61e11a199d1c91 2b2872429b8745f929db6d474b893c3f904a2b43cfa0370f91558f50bf0c2f69 Loading...

	www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js	511 kB	2024-04-04	2024-04-18
Pretty URL www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js IP 142.250.74.131 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 06:23:43 Last Seen2024-04-18 16:42:06 Times Seen5623 Hash e9ccb3dbde79ba5ffdf9cad4b32d59fd 3a8cd67adc7c885bdf683f1e7f491e6a4a50679f 8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137 Loading...

	1win-cdn.com/js/91217.fc8dbcaea.js	828 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/91217.fc8dbcaea.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:18 Times Seen369 Hash ba2b6cee07a00d456f358cd9e2bf7ffc 77c0332cc2baee5b4783b7c60294284222603a97 d071f74f942a98bf42fb73282a6a91ffaf9eeb116dd49dd0900ffc396d537704 Loading...

	1win-cdn.com/js/62692.9dadb7398.js	847 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/62692.9dadb7398.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-01 00:06:19 Times Seen371 Hash 9afe6681b5ea10a8c7663a970eeafd54 1e3dafa83d751066892246ba0fbc85966e83fcb2 a31e32a08b75b8ee000531454e3e63f3814ab6cb885e9f0434fe426bbcbc87e7 Loading...

	1win-cdn.com/js/8726.6a357273b.js	664 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/8726.6a357273b.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen351 Hash d3791eaee8c4e61b0a5a83f911a88cee 1f439da3d55903466d31fb89708dac067916c057 c9810fa2298b1f0e1df7375b8259ba26174bb1a3d71cd5e33e2a584557179620 Loading...

	unknown	456 B	2024-04-18	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-01 00:06:19 Times Seen43 Hash e52b0f59624f8e74a8b3057ff5435c61 2751ea57dea85000a4310b8ce1ed42f128e15669 59024c214314c5b5bf32ca19d50e94e1bdd916c1876a2c3b982dc22bffa98340 Loading...

	1win-cdn.com/js/39061.b6ef077a8.js	92 kB	2024-04-18	2024-05-01
Pretty URL 1win-cdn.com/js/39061.b6ef077a8.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-01 00:06:19 Times Seen42 Hash 83d4506e6f678aff3759f690c86c3f13 8419680dd653fa9af4ac1c81de16cd11e312ad66 9f7b5ebb4189e668f5f375ff48dc4821fffacf9b3881159702486e689c87cd72 Loading...

	1win-cdn.com/js/46719.c1d2eb9c5.js	527 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/46719.c1d2eb9c5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-01 00:06:19 Times Seen263 Hash 4aed1e3e32871424dc1c549529ea26b8 1d2f8b2c24659b65a6c8fd249b156d8f668d46fa 579590204e7c01d12d85ed9d70750b3260a0212c70a9fdb264bce2a83449721a Loading...

	1win-cdn.com/js/73650.ab885df75.js	4.6 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/73650.ab885df75.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:52 Last Seen2024-04-18 12:38:52 Times Seen1 Hash c93c2a44923f1814fe2b2dc10015704b 03ac0d6e259edf4751454e44e0ca9907c7dc957f 2a4e2335f8c9c1cb995c5ed0cfd38abcb9dfd0fe7cf7702bc5adda5beb3dab70 Loading...

	eu.posthog.com/static/array.js	127 kB	2024-04-17	2024-04-18
Pretty URL eu.posthog.com/static/array.js IP 143.204.55.110 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 19:12:30 Last Seen2024-04-18 12:48:00 Times Seen22 Hash a5e451dbde5d303539c741728ff1a27e 97518c1a5b6a71b00a973e91a2cb32925d6b6d92 688219c18055687df9ad76c907c7f6245355726722081fe0dadae906bff34009 Loading...

	1win-cdn.com/js/20420.30b3c996e.js	573 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/20420.30b3c996e.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen364 Hash f5d89fb15e17f73b8c6bf23ec49acf32 451fa7acd3e8f232c6d8e5a9e2685226771fbb41 a763f290f9b6982825ca91925709d7ba82ca508514f91786fa29c44b4afa763a Loading...

	unknown	199 B	2024-04-18	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-04-24 05:48:14 Times Seen22 Hash 923ed937b85354081d0e731d2b0d0f41 9527a88d5eadb513b3c7b09f2091a7cf6b06ec0a 48f823d38a4464991677e7342816bc57203f691549708906abf28d00372650b9 Loading...

	1win-cdn.com/js/24644.ff7d12e57.js	581 B	2023-12-02	2024-04-28
Pretty URL 1win-cdn.com/js/24644.ff7d12e57.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:13:54 Last Seen2024-04-28 19:32:26 Times Seen79 Hash f32707f75f16022696b1c8e80284616c 59dc16a5106642b96864cb96cd28b3a50948eeb0 3766354609188d91048772ef4d512ba3431a09b4de63268bf5274610cc73b465 Loading...

	unknown	562 B	2023-10-13	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 04:25:37 Last Seen2024-05-01 00:06:18 Times Seen569 Hash e35abe00e44b33a732fe04616d6d661a 9031f203ada1d67c9757e77d999b4b7f14fa708b e4c05446119bc3a162949df6dbac62fb9dd051be503964869331860255ae16f0 Loading...

	unknown	347 B	2023-06-26	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 22:52:58 Last Seen2024-05-01 00:06:19 Times Seen830 Hash 150b71f7dde92027aee8fc8db2fcd0b3 faf9f0f6c34b25828fd97f37fa6b88152e55580d e9f6609639ac5f436c82395dfd4f3b3050e9140ad66b83ab152c5c829234406b Loading...

	unknown	320 B	2024-04-18	2024-05-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-01 00:06:18 Times Seen43 Hash b2cb4c2391077a9866f15278e2f22e28 b3c7c896176736a5c7964d09571b1d3db0a26a11 52ba3ec64c619c6ff3388e641a53b7e58ca9e9d92fab48f4da1128a3dba9de15 Loading...

	1win-cdn.com/js/88971.a170f9f22.js	529 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/88971.a170f9f22.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen257 Hash 88e4f6d7cb0faf6b16c158636a8553bf 357a27adf1b5615ee1897f13e0de0344254d9bea ad7459bd9492984b70993c16807c05a1b962c1e366d793cdd5646259f02b34c2 Loading...

	www.google.com/recaptcha/api.js	850 B	2024-04-04	2024-04-18
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 06:26:02 Last Seen2024-04-18 15:34:34 Times Seen915 Hash 1613f25e7a73976f440bd3c174bc1dc3 ffa5be6619ae6109c6e412186e0f12b8d8a73cd9 091a7de491da06df67c869b9905c1d028eb2816e68360c0b5b7a4fa8ce590322 Loading...

	1wytvn.life/firebase/8.1.1/firebase-messaging.js	41 kB	2023-03-07	2024-05-01
Pretty URL 1wytvn.life/firebase/8.1.1/firebase-messaging.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-01 00:06:19 Times Seen2057 Hash 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f Loading...

	1win-cdn.com/js/36775.2fa23c557.js	7.8 kB	2024-04-18	2024-04-24
Pretty URL 1win-cdn.com/js/36775.2fa23c557.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:58:05 Last Seen2024-04-24 05:48:13 Times Seen4 Hash cae866e16534d52008102be7f72b3012 be8b69573bb8de47486ddea90910633007299cd4 c085363394d73062cd61453a058f953d9920893d18445605783819be21b1b37a Loading...

	www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c	257 kB	2024-04-18	2024-04-18
Pretty URL www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:52 Last Seen2024-04-18 12:38:52 Times Seen2 Hash d2046872648413dec8ba33a0880bc8c2 07ebf02dd77123b84ce6dd45647d5ee07becd4c2 c7450723d1a7c648d5add05d7408679f86c7aa1df06680823f6968d104878beb Loading...

	1win-cdn.com/js/9726.f171d96f4.js	550 B	2023-12-02	2024-04-28
Pretty URL 1win-cdn.com/js/9726.f171d96f4.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:13:54 Last Seen2024-04-28 19:32:28 Times Seen79 Hash 24913e1fd54b96e0450a3a2f94a625bb 94f4a15bc39b719b348149eef1690b11c85c8b2b 4da35b34362f5457dd29c59c13dd3eb9d26f92ff8d485df66163f08006b7b052 Loading...

	1win-cdn.com/js/60609.5ed8b9fec.js	623 B	2023-12-02	2024-04-28
Pretty URL 1win-cdn.com/js/60609.5ed8b9fec.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:13:54 Last Seen2024-04-28 19:32:27 Times Seen83 Hash e08ebbfa33e572d2dbb527698a4f32de d353f06d6074ad1483278529b4cc480a74dbc66e 520a19c5576043f0821d23c8858f65c967fa1293e20cc6a4bdcde7b7e418f1ed Loading...

	1wytvn.life/casino/play/aviator]	482 B	2024-03-30	2024-05-01
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-01 00:06:19 Times Seen54 Hash bc24bbddaf09063aa5f8250aaa64f3d8 293f3dc4dff618fa2ce2cffd58b484ff36b79d63 464c0d2eb75f1905f967d1fc1a4809f063a3085f56f76d231234d78bb28d698f Loading...

	1win-cdn.com/js/63502.6c3848d73.js	422 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/63502.6c3848d73.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:22:45 Last Seen2024-04-18 12:47:58 Times Seen4 Hash e836cf7b48306aa5bc3f0ed88c544718 4fb75605754714711fcdd9d2ae4e3891dfd1ccf2 5d054a08449bb2f5068ef94e51cdbb13e8e3198db79b6ba304125eb77fbc57c3 Loading...

	1win-cdn.com/js/38209.ce0dbb534.js	1.3 kB	2024-02-20	2024-05-01
Pretty URL 1win-cdn.com/js/38209.ce0dbb534.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 22:52:49 Last Seen2024-05-01 00:06:19 Times Seen93 Hash 72f73ddb269d565042120562c1ec0c63 36b9b7c3b8838355aae56c42478bdfa61f5250dd b333e8bd20e8f594718ef1c195192747680b0842c347179cf6ca55c81178a006 Loading...

	1win-cdn.com/js/48430.9af74daeb.js	1.2 kB	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/48430.9af74daeb.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen371 Hash 1ff7975a9909675793b03da1294f9681 04198fea02ca2f61451191a0916f7a3b87967bfa 06b058e9e4542070b7052f3cdb79599a4353b89529357a5a4df7258c3b1656bc Loading...

	1win-cdn.com/js/icons-pack-casino.fd47961dc.js	91 kB	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/icons-pack-casino.fd47961dc.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen621 Hash caf103b3719cd36e18dd18439deac2fe b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c Loading...

	1win-cdn.com/js/42672.1d05742a3.js	884 B	2023-12-02	2024-04-28
Pretty URL 1win-cdn.com/js/42672.1d05742a3.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:13:54 Last Seen2024-04-28 19:32:26 Times Seen80 Hash db4dd424ca54820b5d1526bcce32de3b 1cacca74354efbf84123ea65b38fbda9dd637f2f 58038689962b9364e44bc619d088733b21f26913f18bec97ca2c41433803f41f Loading...

	1wytvn.life/core-js/3.33.3/minified.js	244 kB	2023-11-30	2024-05-01
Pretty URL 1wytvn.life/core-js/3.33.3/minified.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 12:06:40 Last Seen2024-05-01 00:06:18 Times Seen332 Hash 97ef15810bfd714fbb6955466693fa81 c33a9988b77ff3a02fd14874f2308ccf1739f8c4 e150f69a7ae98980592fe81f0f664c242834976066cb0fc326331d8983b63515 Loading...

	1wytvn.life/casino/play/aviator]	270 B	2024-03-30	2024-05-01
Pretty URL 1wytvn.life/casino/play/aviator] IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:19 Last Seen2024-05-01 00:06:19 Times Seen53 Hash 289bc12eac8d1333c742852d93dd0e77 931edfd193daa1e31e14e475d0dd467e66a33e19 87cc625c5c98e7a5971dace6ce6fc444053dd92da11a36c62ee5ed3c6f56fcb6 Loading...

	1win-cdn.com/js/62873.835acdef0.js	2.7 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/62873.835acdef0.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:06 Last Seen2024-04-18 14:37:35 Times Seen5 Hash 87e97797d80f0fb0ec7a7e969d33cf1f cd5235ad555333229593803b0465196c9a15dbaf d3f600f0e1adab4cb72f392329f46e68a7dec139b4637e328f92f613f1da86d6 Loading...

	1win-cdn.com/js/55799.274042d04.js	963 B	2023-12-02	2024-04-28
Pretty URL 1win-cdn.com/js/55799.274042d04.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 04:13:54 Last Seen2024-04-28 19:32:26 Times Seen81 Hash e2466ab1ee137c82e5eb4b9c4e4697c4 baaf5b96bd4aa8f0db35641325297038ebfb7f08 63109431400a0c9e57ef4916633669ef64250cf97fb7eed3ef1fb472d47545cd Loading...

	1win-cdn.com/js/chunk-common.9b76324c0.js	192 kB	2024-04-18	2024-04-18
Pretty URL 1win-cdn.com/js/chunk-common.9b76324c0.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:06 Last Seen2024-04-18 12:47:59 Times Seen10 Hash 86e7616782f692b7b87ea13e2aeb7648 b20f5cf83222f5975f359901b2df8ea2bcfed8d0 91be3877b7b734d5c04676d8f61f25b78732b3faca9c255fe663af9449972fe8 Loading...

	1win-cdn.com/js/91635.a2db5f817.js	748 B	2023-12-01	2024-05-01
Pretty URL 1win-cdn.com/js/91635.a2db5f817.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-01 00:06:19 Times Seen365 Hash e51646e9aa8ede0120c324fc7f1b980c d15bed4653a73a03424bc09e7746ad922a01579c 902ca682d52d4ae2808e187bbae9b7128712d732d7d5eda4cf1bad017d4f9521 Loading...

	unknown	170 B	2024-04-18	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:38:52 Last Seen2024-04-18 12:38:52 Times Seen1 Hash 809b676eba2b5115d430e66a5678f655 d9d8804c647d5975250b8fa0cf9c3a08664354e4 f27b9d639bf3cddabb2ad155f4f67af1efff74b9b2107b1d4687f6c1b371a4a5 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0bf001dcdb310567c52654a935c4f92a	80 B	2023-03-26	2024-05-01
Pretty Observations First Seen2023-03-26 10:50:54 Last Seen2024-05-01 01:57:19 Times Seen730 Hash 0bf001dcdb310567c52654a935c4f92a fddc3d16a5af259bcfa6b87a02bde4e3bcdc7109 a3b73a3b1e36d2bfad6fe9530c9c943f28a99cbe84d0674b555d14c3ae26c780 Loading...

HTTP Transactions (241)

URL IP Response Size

1wytvn.life/core-js/3.33.3/minified.js

190.115.24.78

200 OK

74 kB

URL GET HTTP/2
1wytvn.life/core-js/3.33.3/minified.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerLet's Encrypt
Subject1wytvn.life
FingerprintA9:AA:3C:AC:93:FF:91:3E:55:61:68:A8:D6:9F:FF:CA:D5:F3:72:21
ValidityTue, 16 Apr 2024 09:15:26 GMT - Mon, 15 Jul 2024 09:15:25 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31999)
Size
74 kB (74274 bytes)
Hash
38facf849f100d0fe6269a53a7bca451
9bb69f981438d48b093bd1eb673885476b4932f0
ce68e1614ab493deaecfa6eb9711736de0348248e1d559b5f6dfb5dc4c29b459

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wytvn.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/casino/play/aviator]
Cookie: __ddg1_=UOkV9RkTrxoNWP2oBlGL
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 13:33:38 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 162273
content-length: 74274
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

1wytvn.life/img/logo/main/1win-normal.svg

190.115.24.78

200 OK

1.5 kB

URL GET HTTP/2
1wytvn.life/img/logo/main/1win-normal.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerLet's Encrypt
Subject1wytvn.life
FingerprintA9:AA:3C:AC:93:FF:91:3E:55:61:68:A8:D6:9F:FF:CA:D5:F3:72:21
ValidityTue, 16 Apr 2024 09:15:26 GMT - Mon, 15 Jul 2024 09:15:25 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1474 bytes)
Hash
0a5e2aff3499f587617337c0add83e72
c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4
a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wytvn.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/casino/play/aviator]
Cookie: __ddg1_=UOkV9RkTrxoNWP2oBlGL
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 12:13:44 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 167067
content-length: 1474
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2

154.197.121.128

200 OK

33 kB

URL GET HTTP/2
1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Size
33 kB (33064 bytes)
Hash
de175cbf569bb3ccf1f761c845cbd896
8d93663b858bae157ba5fc40e1400177104d71bd
df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wytvn.life/
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Mon, 15 Apr 2024 11:50:03 GMT
etag: "661d146b-8128"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=oCY6q6zqpNGnQFW_FSzGfHq2wNexYnp2ueFPZngox_o-1713436691-1.0.1.1-.NJuQHNGqyOLQYXWT45HY_ZuaCinZBaN86bhRojoAFl7M7g3Q3MRbjNJKkYuDInf72UjBo3nZl0wDbO8BK50dg; path=/; expires=Thu, 18-Apr-24 11:08:11 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406181f2656bd-OSL
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2

154.197.121.128

200 OK

44 kB

URL GET HTTP/2
1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Size
44 kB (43512 bytes)
Hash
426f20bb65ea80d35f3f2a999d5d7d1e
85f211a450f26d7f0822d718fc61085a506fa455
06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wytvn.life/
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Mon, 15 Apr 2024 11:50:03 GMT
etag: "661d146b-a9f8"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=6lzB9dT2n2TSUwjUjZ643VwMyx5Wa0rdudxrKIFAQmA-1713436691-1.0.1.1-htYZx3PUa89kU56hMF8OcVkzgc5gFXZvBtQHByWpODoyrvyTSl8nS.eYD0gZbt6bmZQhds8x0DNzljngeh8njg; path=/; expires=Thu, 18-Apr-24 11:08:11 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406181f2356bd-OSL
X-Firefox-Spdy: h2

1wytvn.life/img/icons/favicon-16x16-darkmode.png

190.115.24.78

200 OK

344 B

URL GET HTTP/2
1wytvn.life/img/icons/favicon-16x16-darkmode.png
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerLet's Encrypt
Subject1wytvn.life
FingerprintA9:AA:3C:AC:93:FF:91:3E:55:61:68:A8:D6:9F:FF:CA:D5:F3:72:21
ValidityTue, 16 Apr 2024 09:15:26 GMT - Mon, 15 Jul 2024 09:15:25 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
344 B (344 bytes)
Hash
55101f46ace081073c98f0d75229ae94
384e813b0f35437de99eb269c7d5c76479e20886
e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wytvn.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/casino/play/aviator]
Cookie: __ddg1_=UOkV9RkTrxoNWP2oBlGL; visit_domain=1wytvn.life; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef0c9-0c58-7f49-9681-ef71693e1143%22%2C%22%24sesid%22%3A%5B1713436691601%2C%22018ef0c9-0c91-7a05-8955-fac46a7c9f02%22%2C1713436691601%5D%7D; core-sticky=http://10.233.80.180:80; AMP_TEST=JTIyMTcxMzQzNjY5MTY1MyUyMg==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 20:45:50 GMT
content-type: image/png
content-length: 344
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: "661e5701-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 136341
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

1win-cdn.com/js/desktop.a06c8f917.js

154.197.121.128

200 OK

37 kB

URL GET HTTP/2
1win-cdn.com/js/desktop.a06c8f917.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
37 kB (37435 bytes)
Hash
6d814217ece292f1369460fa57fc073d
53eb843d31fd0471e5a8439660dc200e737e6373
de66d8199cf4aa132acca116c0beecebecd6a4fbc1a1da96243f8f50d390c97c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/desktop.a06c8f917.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-2176e"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 968
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406197ba50b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win.direct/v4/socket.io/?Language=en&xorigin=1wytvn.life&EIO=4&transport=websocket

134.122.54.186

0 B

URL
1win.direct/v4/socket.io/?Language=en&xorigin=1wytvn.life&EIO=4&transport=websocket
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wytvn.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wytvn.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /2d75cVAlmgAQtgJkRdqiQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: mXXi+M7lBSaXGX/Xqzrs8cbiAP0=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=5845778d4b1fd90a; Path=/; HttpOnly
Upgrade: websocket

eu.posthog.com/static/array.js

143.204.55.110

200 OK

47 kB

URL GET HTTP/2
eu.posthog.com/static/array.js
IP
143.204.55.110:443
ASN
#16509 AMAZON-02

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerAmazon
Subjecteu.posthog.com
FingerprintCD:80:CA:06:24:DE:05:6B:0F:F1:7A:73:7B:98:D6:12:09:83:32:4F
ValidityWed, 09 Aug 2023 00:00:00 GMT - Sat, 07 Sep 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
47 kB (47140 bytes)
Hash
a5e451dbde5d303539c741728ff1a27e
97518c1a5b6a71b00a973e91a2cb32925d6b6d92
688219c18055687df9ad76c907c7f6245355726722081fe0dadae906bff34009

HTTP Headers

GET /static/array.js HTTP/1.1
Host: eu.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript
last-modified: Wed, 17 Apr 2024 22:41:55 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: wGpl9699qdxeuOg53sUZILZKBB96yMpN
server: AmazonS3
content-encoding: br
date: Thu, 18 Apr 2024 10:37:55 GMT
etag: W/"a5e451dbde5d303539c741728ff1a27e"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mru3vcpUIBCZMLf5qDwVf7ir9pGm5xuK9SxFZWOjpN-b-Ul6EFymtQ==
age: 23
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

1win-cdn.com/js/index.412051145.js

154.197.121.128

200 OK

79 kB

URL GET HTTP/2
1win-cdn.com/js/index.412051145.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
79 kB (78681 bytes)
Hash
a1698aa84e88e7559bd744bf49733ce0
d1d59d6de11d6f316ee4bc054038a8e985caab8e
ab7889b5e4307823341b9ac2ebd645ba2107d3e84f8430ca232b25a498ca0b40

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.412051145.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-2d400"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 969
set-cookie: __cf_bm=umlFb56lQEOYLNb4FGW_rzQH69pYZkUGwd7oOZbMkac-1713436691-1.0.1.1-6lA5NX6t__3eYPZUSQB.aFU2MsYce3ETrhUV99VQlP4F1lJ_4J5.zMklwmsL.WMAp0n_6S_iPZttPQRgGIbY6A; path=/; expires=Thu, 18-Apr-24 11:08:11 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061829c20b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/chunk-common.9b76324c0.js

154.197.121.128

200 OK

72 kB

URL GET HTTP/2
1win-cdn.com/js/chunk-common.9b76324c0.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
72 kB (71462 bytes)
Hash
6afbdfc506256e973559dc7eba5e96e0
f3806e40dcd7c3f04e864880de01633b83211eb0
61498425a9a731955d4bfc9e7a44a7e9bdf300463ffc7c3e0ded5caca529f49e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-common.9b76324c0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-2f00d"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241665
set-cookie: __cf_bm=zc9iZn84bB3c5ZR8ABtPcq1oTCXPBKx0GWLGwTg52us-1713436691-1.0.1.1-vWKNoOz_8BLvgIfRIUMTV_aEsNuzRds78MCzr55Rlqamaq2p5jZYL7xbu7HiQTa8mz9ydGjk1zby1ocrj137uA; path=/; expires=Thu, 18-Apr-24 11:08:11 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061819b80b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wytvn.life/firebase/8.1.1/firebase-app.js

190.115.24.78

200 OK

6.6 kB

URL GET HTTP/2
1wytvn.life/firebase/8.1.1/firebase-app.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerLet's Encrypt
Subject1wytvn.life
FingerprintA9:AA:3C:AC:93:FF:91:3E:55:61:68:A8:D6:9F:FF:CA:D5:F3:72:21
ValidityTue, 16 Apr 2024 09:15:26 GMT - Mon, 15 Jul 2024 09:15:25 GMT

File type
JavaScript source, ASCII text, with very long lines (19927)
Size
6.6 kB (6578 bytes)
Hash
5b9dcee25dd464bbf914b48e05e770c7
3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533
01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wytvn.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/casino/play/aviator]
Cookie: __ddg1_=UOkV9RkTrxoNWP2oBlGL; visit_domain=1wytvn.life; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef0c9-0c58-7f49-9681-ef71693e1143%22%2C%22%24sesid%22%3A%5B1713436691601%2C%22018ef0c9-0c91-7a05-8955-fac46a7c9f02%22%2C1713436691601%5D%7D; core-sticky=http://10.233.80.180:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiYjFlYjkwNy0zYzA4LTQ4NjQtODE1Yi01NzM3NzNjYzNiYzQlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEzNDM2NjkxNzUxJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMzQzNjY5MTc5MiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 20:45:25 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 136368
content-length: 6578
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

1win-cdn.com/js/37061.4706f0db4.js

154.197.121.128

200 OK

17 kB

URL GET HTTP/2
1win-cdn.com/js/37061.4706f0db4.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
17 kB (17413 bytes)
Hash
ef5e84f28d2c14de901fecfdda628de6
9e614df389b7219e23de8caf64a200d11183093e
d7b2c5580c00338f6bd17b7bc02b8eee963e471fcb2874cc00a9d147774028ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/37061.4706f0db4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-6074"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227721
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061e69ec0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/90206.e6b56ddaa.js

154.197.121.128

200 OK

9.3 kB

URL GET HTTP/2
1win-cdn.com/js/90206.e6b56ddaa.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
9.3 kB (9295 bytes)
Hash
09037f77664ddcda5feb68d4ae215e4c
d7d463df65dac6fc04447550d367287e8f806114
ecc6b2207a33ac24fbbc409ca965317f9d8de8cddaac1f3ea8a8b4e3d81228e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/90206.e6b56ddaa.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-2d08"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241665
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061e69f80b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7

142.250.74.40

200 OK

105 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (50345)
Size
105 kB (104880 bytes)
Hash
c0f00b8ccaa092bcd8ee5590c4e09e14
2d6c10eb2ef421b269e08e27038c776caf68d9ad
d97d80dfa1bf215e3c48540723d04ba81facf17931f86dd8af1c4c5e283b7cf6

HTTP Headers

GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 10:38:12 GMT
expires: Thu, 18 Apr 2024 10:38:12 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104880
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/js/72947.f133d7870.js

154.197.121.128

200 OK

8.5 kB

URL GET HTTP/2
1win-cdn.com/js/72947.f133d7870.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
8.5 kB (8542 bytes)
Hash
8ad7da52fdb3536282fe71df86c21acc
14b20f7c7154c15d4db299f7a0de5dcfa069dc1f
dc8dbbe6e549385db3dd163d53d1e782266208b325923b6b2bc0fab45cf43ff0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/72947.f133d7870.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-1beb"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241606
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061e8a250b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_android_en.b229a444a-690.png

154.197.121.128

200 OK

33 kB

URL GET HTTP/2
1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
33 kB (33278 bytes)
Hash
43e03a24e305838eac0629c5cbf85550
85c71568d1008a17b928ac548987911daf187020
368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620e288-9305"
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406200c570b55-OSL
X-Firefox-Spdy: h2

d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png

143.204.42.118

200 OK

3.9 kB

URL GET HTTP/2
d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png
IP
143.204.42.118:443
ASN
#16509 AMAZON-02

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 124 x 48, 8-bit colormap, non-interlaced
Size
3.9 kB (3884 bytes)
Hash
3219393f1efd01cf2db20820dff57cf2
ebdbcf916084a0d5a70680021d269680e9f41d41
8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06

HTTP Headers

GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 3884
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Wed, 17 Apr 2024 18:17:51 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: c7EU-ZlJ77a34xULDZ2BTpB7l8tG60lvVgSidagV_YmbfI46s37NZg==
age: 58822
X-Firefox-Spdy: h2

1win-cdn.com/img/silverback.297288e25.svg

154.197.121.128

200 OK

40 kB

URL GET HTTP/2
1win-cdn.com/img/silverback.297288e25.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
40 kB (40251 bytes)
Hash
0ade08df2455b7dde1059582690406bb
dafe9c8756d5f14e1f536fa9bf421236b9b00798
80154f746161def69af59f94221aa1ecf8669c303b3c3a86fa98e266687c4dda

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406259ba50b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c

142.250.74.40

200 OK

72 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (2165)
Size
72 kB (72280 bytes)
Hash
a99f0ae21bdce1ba33bb645aa50c60d4
91f098df802dda8eba697500b8ef30e1f8898503
8214cb646ef50fd0ae999172f4ce04eb8e52d9f97bbd2dd836ad661d6686c145

HTTP Headers

GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 10:38:13 GMT
expires: Thu, 18 Apr 2024 10:38:13 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72280
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c

142.250.74.40

200 OK

86 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
86 kB (85752 bytes)
Hash
429285219bfbb289b79f150a9917c644
2db0b297df5869aaa543de9259bfa4fe54d04a7d
d7d3696100a0861d7785f0525e71e6f0177fc59068a8033c5f257dadd53e1cbb

HTTP Headers

GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 10:38:13 GMT
expires: Thu, 18 Apr 2024 10:38:13 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85752
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c

142.250.74.40

200 OK

90 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
90 kB (90067 bytes)
Hash
d2046872648413dec8ba33a0880bc8c2
07ebf02dd77123b84ce6dd45647d5ee07becd4c2
c7450723d1a7c648d5add05d7408679f86c7aa1df06680823f6968d104878beb

HTTP Headers

GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 10:38:13 GMT
expires: Thu, 18 Apr 2024 10:38:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90067
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/img/agt.893343a61.svg

154.197.121.128

200 OK

54 kB

URL GET HTTP/2
1win-cdn.com/img/agt.893343a61.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
54 kB (53753 bytes)
Hash
14c4856f57446d20aa6dacb9f9a51bc2
4855e3ef79dcd8de70bab3a65244fd8a3dd58beb
d5255ffd1bb145b51c7339805f115c0b8b268a1d605b63f82fe37e6fd1c141e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/agt.893343a61.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-4be"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6991
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622efe30b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/aviatrix.b5fd712c8.svg

154.197.121.128

200 OK

31 kB

URL GET HTTP/2
1win-cdn.com/img/aviatrix.b5fd712c8.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
31 kB (31027 bytes)
Hash
fa8d277985148623ec504d8805e669e1
80ff306985eca16cb1e584a6e6c8fd25d3313ff2
5380414375d684ad08689069557d94aa32e91ea2aafa11593a4636f7d957920e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623387a0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1x2gaming.00302c7de.svg

154.197.121.128

200 OK

8.8 kB

URL GET HTTP/2
1win-cdn.com/img/1x2gaming.00302c7de.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
8.8 kB (8790 bytes)
Hash
707a3ff0305f6d18f877178170215fab
47603caa012627f412fe488a701b823520fcb171
9801640ae612c89b27a0a50126acdc4f029beb81535c45d8736dc6b6eef61762

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1x2gaming.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1968
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622af8c0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/14681.3d5bceb66.js

154.197.121.128

200 OK

17 kB

URL GET HTTP/2
1win-cdn.com/js/14681.3d5bceb66.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
17 kB (16707 bytes)
Hash
e06f1d38f9e16371592ddfc7d4512300
cb8b5f87eece8fd37edf3b749e602d185af3e0b5
ee5d107995df3a433aa8268e01f0cbb430ece1078dd1a211fee748cf371bcae0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/14681.3d5bceb66.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-24d"
expires: Sun, 16 Apr 2034 10:38:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 643452
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062acb2d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/62791.4c6b613ab.js

154.197.121.128

200 OK

22 kB

URL GET HTTP/2
1win-cdn.com/js/62791.4c6b613ab.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
22 kB (21652 bytes)
Hash
0d39f53c9a93637afe77cda5792f1175
4bd9105f0823cf339e075f086c121ab0a9d4579d
e58bf47c014dec9ac230161905cc230880a334013a0ad51d719b48ac5cfedba0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62791.4c6b613ab.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-4ed5"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241354
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406220ec00b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/amatic.1ad22f1f0.svg

154.197.121.128

200 OK

8.5 kB

URL GET HTTP/2
1win-cdn.com/img/amatic.1ad22f1f0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
8.5 kB (8485 bytes)
Hash
f1221331eedd64641316b4ebac9db3eb
709ba827f7208e26cf43766eafb7d77016a41150
9104106cba871fc5d0e4061c2ea3c7c1d207119b9aa7a37552322814d625d057

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2493
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622fffc0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg

154.197.121.128

200 OK

9.7 kB

URL GET HTTP/2
1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
9.7 kB (9713 bytes)
Hash
1772b1cc519592b8bae53b1fa7c162c4
48d1c2abdb4423f9f7e1cfa701363b5790d51d0b
c4239313b9358a5bc76d4b98b21deba3ee45b24a3d86ed41a5e51b983af39f50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/3%20oaks%20gaming.a6d146d58.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-aa2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3174
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622bf960b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif

188.114.97.1

200 OK

7.5 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
7.5 kB (7494 bytes)
Hash
513f3198a187e1d23253286e6e6c1f00
fc18a35dfde5d07e13da9d42681541942e92bc0b
47c47c9c1baf50edcde06130657e3eb321cedabedaa0c3da51806079548980dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 7494
cache-control: public, max-age=31536000
content-disposition: inline; filename="ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MWU5LTJhM2VmIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: 7E-VjHnz0JIzJtzXxZNLZ
cf-cache-status: HIT
age: 6701
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=50bVYXTssrel0iNjp5FmWWQGMTYxvaXGH1aWoQRG5iVmVDH7S5gOZXfU%2BfhKdGQ%2FlZYi2UfCLhm0QThvmaA17bKdpq1HIqGel3Yuqvx4ynSD6jbcK5e9Mr%2FJjsx%2BN4FpI9pMCSw2NnE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c1ea7569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/5143f104-2f79-4e54-a0ca-14e3c3a5db0b.png@avif

188.114.97.1

200 OK

4.6 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/5143f104-2f79-4e54-a0ca-14e3c3a5db0b.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
4.6 kB (4629 bytes)
Hash
cc5a1bc26de9b61dd2964d8321b5b672
71f98b218185c4537a2b32b0655f2678bf27ec1c
eeb1dd06327066d54be986e8026e87a0eba3e29d7fe9267779cfcf9a0d4b83ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/5143f104-2f79-4e54-a0ca-14e3c3a5db0b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 4629
cache-control: public, max-age=31536000
content-disposition: inline; filename="5143f104-2f79-4e54-a0ca-14e3c3a5db0b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjRlNTdlLTFhYmUxIg"
expires: Thu, 18 Apr 2024 10:41:46 GMT
x-request-id: FkelutDSEjtU9PJOK3f5R
cf-cache-status: HIT
age: 604588
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TlsFS5KvqXTSPnp4r2qwjodu2GHCPRHlvJ6HvF5Lwg3zBxv%2BpXeXfzKeel7ESpzBHZwO6St4RGy2k7mL2vt1jGHCl2n05x82tDzJdjku3C7SiBsd5yvA52c4EMBhIjOf3WrnaahfQ9U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c1eae569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/wm/54c233e6-a329-497f-ba00-2cbf011a686c.png@avif

188.114.97.1

200 OK

8.6 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/wm/54c233e6-a329-497f-ba00-2cbf011a686c.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
8.6 kB (8615 bytes)
Hash
c25ac2cc473de01b240f39b723442856
4689fb09b7f6312213fef9bf188c188aa692b0bf
119ad068e9121fb34e57b75cf3271378699030412290dda198592d97154b4ca8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/wm/54c233e6-a329-497f-ba00-2cbf011a686c.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 8615
cache-control: public, max-age=31536000
content-disposition: inline; filename="54c233e6-a329-497f-ba00-2cbf011a686c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NzMyMThhLTEyYjE4Ig"
expires: Tue, 23 Apr 2024 06:16:40 GMT
x-request-id: -P5vcoR0ZLlzFWxDNvkBg
cf-cache-status: HIT
age: 188494
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cBnLB7hiN1yjOzRIlQXPXnm0McHY1%2BIfq72ZuYMW46ASnGIKxrMmIKG0sjOxN8FBnIKUn4J4bR%2BMGWo4rRf2pOD0rhS7%2B3ZXAeFVk1FYMYrDhaO%2FePov9OA%2FQIUBtMCtfgzARXRbrGY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c2ecc569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/goldenrace.4bb50c89d.svg

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/img/goldenrace.4bb50c89d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
12 kB (12449 bytes)
Hash
be9304a7b04c527bd97dfb3204b254bf
7a2a751300a94415cfbadea03028648e3e79eafc
7d14e62ddef566bac1ca12cb8414c3d6905e603c8badbeec0d9c3814c3af98e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/goldenrace.4bb50c89d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-88a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624ba970b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@avif

188.114.97.1

200 OK

9.0 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
9.0 kB (8963 bytes)
Hash
ea24c3b32fe9681c1d4aec12f8f275e3
e9b21c7677b41a27b76649bfaaa44a18c84520d9
6f553f090e8ba0e2cbb116b6b96643c0b89770f4fa950e2e62cdb79ac087c0ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 8963
cache-control: public, max-age=31536000
content-disposition: inline; filename="304789e6-5a8e-4b13-828f-c3504fe6e2d4.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGU2OWY2LTcwMTk2Ig"
expires: Mon, 22 Apr 2024 18:05:47 GMT
x-request-id: XgBPQTtaC6zDtkXTgO1LQ
cf-cache-status: HIT
age: 232347
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4XCBmHDtxQ4tXBpXuu6%2BdqJhEZgDCyeNd4hJzFDAAu%2Bp%2Fv%2BvD%2BVgVQSJks5ncTIF2Yn2X32qa4PXhUyetWq%2BqVzWv%2BFMbkYfbDfGlgILY4omuEoJycBG3cf2cMh3b5hyq5xg2KgjEaE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c2ed3569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/yggdrasil.a6bc350dc.svg

154.197.121.128

200 OK

11 kB

URL GET HTTP/2
1win-cdn.com/img/yggdrasil.a6bc350dc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
11 kB (10717 bytes)
Hash
1afc5ce95a050c2c113d5bba237668cb
e8ea422df4303ae86d690c13c2b78cec8d7ad11d
69e6e2dc59818184b962d00c9ffe4fa737ffe2047df40d2b742cf7cf6e02bb03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3174
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406264c7d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif

188.114.97.1

200 OK

7.8 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
7.8 kB (7785 bytes)
Hash
6a86c5bb3ff2902051c8a5b9212df604
4c871b9b1b0da3cb252977e3177d302cad6230fd
131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
expires: Mon, 22 Apr 2024 09:31:24 GMT
x-request-id: wdVogJG6lGKG5dXt_-vLW
cf-cache-status: HIT
age: 263210
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g7uiGre1n0ZRLsTT8ZHEXH3L%2FFYOeZnYeQfrVgk4YUNxHrW2l4MpqQDxQ48N58yBBJPcpIylmAjoYHqNmBAXsc%2Bq8sOFRNrVp4IOt%2Bo88QbLkTEto7tj%2FtzfNRZbff6vd3q8tx8C%2BRk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c2edb569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png

188.114.97.1

188 kB

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]

File type
PNG image data, 420 x 312, 8-bit/color RGB, non-interlaced
Size
188 kB (187738 bytes)
Hash
4416ed8b7feed37a2962c1bd4e6d746c
b63234238a2d4b2b2df509e875a611c1a9377454
80c7a6e0baa1ba60eebab8e562472a22a34a5d0fe172710a697b749bfeb16b5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/png
content-length: 187738
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MTY2NmI4LTJiMmQxIg"
expires: Thu, 25 Apr 2024 02:08:27 GMT
x-request-id: 0CiB7gblxf_yXz1donAIq
cf-cache-status: HIT
age: 30587
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2BRdgbEPvaDOGb7X9Isyq8rH%2FRbezBotHucc1PaUy37Q6jzkleIboGcU1dKBqfCK9ifONbn%2BFgBpM%2BBoxTZK4yGaUYFbMcr3vBxPEGmRgJi74Bj27NSA5Tg8BiuhIIhwl4eMerAqtDo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c7f49569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/5edc8ea2-0ff4-461d-8d49-e5620f9d9052.png@avif

188.114.97.1

200 OK

9.6 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/5edc8ea2-0ff4-461d-8d49-e5620f9d9052.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
9.6 kB (9636 bytes)
Hash
990799c6c6df9a1e5e94526459d9be1f
ccb198a806fd8e3d55f90363353e68cb63e13584
e01b139fb7ee52def30b22d3d1bd690b6a71f9e7f58511743afe54bd6115d12e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/5edc8ea2-0ff4-461d-8d49-e5620f9d9052.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 9636
cache-control: public, max-age=31536000
content-disposition: inline; filename="5edc8ea2-0ff4-461d-8d49-e5620f9d9052.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0Nzc0NGRmLTZmNjczIg"
expires: Fri, 19 Apr 2024 09:17:22 GMT
x-request-id: N0M553laPW56HD_hznpcj
cf-cache-status: HIT
age: 523252
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=owfDv%2Blnp%2F8otLdYzL7qiEEL3LxosKdb20Igk6ND59BCpD24AYCVk2wXxG6abxPGuS9W5%2BiZt9oRNHgBVQdRLZzZXyl9M2U1uMKiSFenC8xIrz%2Fzq64gvCrHLw6S%2BR%2BnlvKA0lWEFN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062cafc1569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/ab5b40cf-dfe7-4f2f-b1fd-a97c604df0e1.png@avif

188.114.97.1

200 OK

8.9 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/ab5b40cf-dfe7-4f2f-b1fd-a97c604df0e1.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
8.9 kB (8870 bytes)
Hash
2c831f3846b165fce749aac89d0ff5d7
c4d9313a3fd4b4e4f4254f93ae96e63732e586d1
235fdca7f0236381741b157ac8844d18f112f8f2f8183fae5b8128189569985c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/ab5b40cf-dfe7-4f2f-b1fd-a97c604df0e1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 8870
cache-control: public, max-age=31536000
content-disposition: inline; filename="ab5b40cf-dfe7-4f2f-b1fd-a97c604df0e1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzNjI2OWQ0LTZmNGIzIg"
expires: Tue, 23 Apr 2024 07:23:28 GMT
x-request-id: 8GCrYTeBXan7zSxMUAxNA
cf-cache-status: HIT
age: 184486
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEJv5vHZouuKL%2FPojGdrE0dAW0WE7jLDgc73HLsKrxSd%2Bky6hp4VyJ94wPAEokjZNKdS9kqW2hmWlAuYMfcARRP7cwZw1KRaZFktAWzFHk4Taph9z%2B5UuZ8lBjAB1JUmIbyppm284Hs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062cbfc4569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/genii.367222bbe.svg

154.197.121.128

200 OK

8.1 kB

URL GET HTTP/2
1win-cdn.com/img/genii.367222bbe.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
8.1 kB (8114 bytes)
Hash
707e3fd244962c82a58e928a1836207a
89dc5ba95d4ae9b28c9fce321b6a55c58502448b
71ede08aa89a29c475a4149ac5ceafe119672df7480c21ed15fb0ab8ce45b53a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624ba820b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/liw.134f23084.svg

154.197.121.128

200 OK

8.5 kB

URL GET HTTP/2
1win-cdn.com/img/liw.134f23084.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
8.5 kB (8514 bytes)
Hash
577d07441643a44d8a44dada8abfc4dd
58a895964b4780ad7a084c0c4500c2786a466536
239929a36d0201dba585c7549b7a37bd02f79902641108d79ec19cd9d59a8815

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/liw.134f23084.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1e9e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624ead70b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/90511.4bc374431.js

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/js/90511.4bc374431.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
13 kB (12942 bytes)
Hash
87ceee1ecf4f698b9fdc1382d9b04f77
b37170d636c91e231255f9c2f740d9d68ead29f6
37c2253aae1b33709bab463eab55bf727fd71eec91a0eba5e5e850d455b8aa9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227539
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061fcc0e0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a9052c9e-e101-4319-9c19-a749e186bfe1.jpg@avif

188.114.97.1

200 OK

5.0 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a9052c9e-e101-4319-9c19-a749e186bfe1.jpg@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
5.0 kB (5031 bytes)
Hash
fd775d513467359fe250ee9dbb78bc38
c711b8a6c651b968f841ca8ad38501efd35337c9
4427487f1cd525847e5d5cd9639e37fc6f301d299ef6bc7d0e36835b7e8f61bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a9052c9e-e101-4319-9c19-a749e186bfe1.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 5031
cache-control: public, max-age=31536000
content-disposition: inline; filename="a9052c9e-e101-4319-9c19-a749e186bfe1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1M2I4NWYwLTExNmQ5Ig"
expires: Mon, 22 Apr 2024 18:56:48 GMT
x-request-id: m1tgERBE95XRZtQwRCk6b
cf-cache-status: HIT
age: 229286
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rqzSSFmNsjJhHQzkdCXBMlf9gXj%2FGfi1QXNefIDmqqMUHyUx8%2Bdt3ontNsYmUihFs%2BIpGXYIYRIGzYwaUiVqpG7ccycba%2B9JR4X7byNGoQKl8fkcODP5qXPIBGb7252fs7CkTfpkjuk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062d1848569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/62692.9dadb7398.js

154.197.121.128

200 OK

4.8 kB

URL GET HTTP/2
1win-cdn.com/js/62692.9dadb7398.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
4.8 kB (4806 bytes)
Hash
e2b8383cdc3e2c6fd7fd916e6f0d80cd
0fdf5047ab4356f3e3fb344cca54b19751a9ed2b
c2b1ac80a7ab8b6e6b24151fb621ec053dc042c6cb559747a8f36c5628b32548

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061eead00b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/9019.80a6702e0.css

154.197.121.128

200 OK

11 kB

URL GET HTTP/2
1win-cdn.com/css/9019.80a6702e0.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
11 kB (10912 bytes)
Hash
c7378262d715b7b454966f3691da3d4f
e25e00ea55b9dfd4f9bf2cf5afcc9b57718219b3
e68016453fcda14a45eb9f7a9e33d145e0ad1aa153690fb8b3c1ff43ee98c443

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/9019.80a6702e0.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: text/css
last-modified: Mon, 08 Apr 2024 13:45:49 GMT
etag: W/"6613f50d-604c"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 850760
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061e7a040b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=716980357.1713436695&gtm=45je44f0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1237791878

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=716980357.1713436695&gtm=45je44f0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1237791878
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint0E:DD:25:54:7B:C3:7F:EC:27:35:B1:EC:15:C4:B7:D2:09:71:3B:68
ValidityMon, 04 Mar 2024 07:26:33 GMT - Mon, 27 May 2024 07:26:32 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=716980357.1713436695&gtm=45je44f0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1237791878 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 18 Apr 2024 10:38:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/img/belatra.1e7508387.svg

154.197.121.128

200 OK

6.3 kB

URL GET HTTP/2
1win-cdn.com/img/belatra.1e7508387.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
gzip compressed data, from Unix
Size
6.3 kB (6336 bytes)
Hash
ebea9a7a9255be77f32982241f985bed
52f0bbd6fee95fe0c6bb59552a2907d17d4d79bd
41306319d92df611b4ddb4a38b305c253a8b85ce3c44c9f9b9035a62a9904c61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062348880b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/62873.835acdef0.js

154.197.121.128

200 OK

22 kB

URL GET HTTP/2
1win-cdn.com/js/62873.835acdef0.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
22 kB (22040 bytes)
Hash
e5b7162b1977b83b32ad5d09eea06e6e
96abedca3f74299ef714007c85c1be21cf9b38aa
98a5c15ddc041107c6184da19c9fa9e6f80cc30e464b474d06f3c9257a746a75

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62873.835acdef0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 16 Apr 2024 10:04:48 GMT
etag: W/"661e4d40-a86"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 172292
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640621ae290b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/hacksaw.5f0e80ecd.svg

154.197.121.128

200 OK

204 kB

URL GET HTTP/2
1win-cdn.com/img/hacksaw.5f0e80ecd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
204 kB (203776 bytes)
Hash
2188bfbacfdd2e110ea2fbe31b5dce6b
8d5d05180c14a569a65af6b04e196bbe91166282
1dadadea5173012901f96b496bd7cf069342d820a38690f43a7992a8829ef28d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3175
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624cab50b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

eu.i.posthog.com/i/v0/e/?ip=1&_=1713436698373&ver=1.126.0&compression=gzip-js

3.125.75.228

200 OK

15 B

URL POST HTTP/2
eu.i.posthog.com/i/v0/e/?ip=1&_=1713436698373&ver=1.126.0&compression=gzip-js
IP
3.125.75.228:443
ASN
#16509 AMAZON-02

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerAmazon
Subject*.i.posthog.com
Fingerprint99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67
ValidityMon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
JSON text data
Size
15 B (15 bytes)
Hash
c86a47ac0d792e37182689c73fcbf6ad
8fd92e4671341e79f0a3529ac5e9d59d38db9e78
0c40bafcfdc8adc6db63a6a5bfdb3dd5201798e6163fc674dc2fcbdb2a4134f1

HTTP Headers

POST /i/v0/e/?ip=1&_=1713436698373&ver=1.126.0&compression=gzip-js HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 764
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:18 GMT
content-type: application/json
content-length: 15
vary: origin, access-control-request-method, access-control-request-headers
access-control-allow-origin: https://1wytvn.life
access-control-allow-credentials: true
x-envoy-upstream-service-time: 191
server: envoy
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713436692200&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=716980357.1713436695&ul=en-us&sr=1280x1024&pscdl=noapi&dp=%2Fcasino&sid=1713436694&sct=1&seg=0&dl=https%3A%2F%2F1wytvn.life%2Fcasino&dt=1win&_s=2&tfd=10079

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713436692200&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=716980357.1713436695&ul=en-us&sr=1280x1024&pscdl=noapi&dp=%2Fcasino&sid=1713436694&sct=1&seg=0&dl=https%3A%2F%2F1wytvn.life%2Fcasino&dt=1win&_s=2&tfd=10079
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713436692200&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=716980357.1713436695&ul=en-us&sr=1280x1024&pscdl=noapi&dp=%2Fcasino&sid=1713436694&sct=1&seg=0&dl=https%3A%2F%2F1wytvn.life%2Fcasino&dt=1win&_s=2&tfd=10079 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 240
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wytvn.life
date: Thu, 18 Apr 2024 10:38:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png

188.114.97.1

230 kB

URL GET
static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]

File type
PNG image data, 1508 x 488, 8-bit colormap, non-interlaced
Size
230 kB (230270 bytes)
Hash
c45a5f023592d6b869a1a41216399dc9
280d32d02ad142bfaa08ae0bdf4e7812d2336b9e
eb3288d5ba136f10c1e3ecd675b8201eed039099f751b3df152781cdffd78aeb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:32 GMT
content-type: image/png
content-length: 230270
last-modified: Tue, 13 Feb 2024 22:31:26 GMT
etag: "65cbedbe-3837e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 591
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3XOAyVuoS9LgsoVtq9au7voWFJo7fjnOnLF980TMwRU5BW%2F0QjOw7h5ehKAYox8h%2BKSzJBK44voBX1BO5ZGN1cpwLuXYqg6QsF82Js1Znp2isXgCcyAF1lyU2kfE8qktH2cxLchRccd0Dw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764069e6bd4569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static-adm.1win-cdn.com/banner-files/9yYmJ2Tur3tt3XYtW2oVI8DGGkHjXl6mIxs4CN1HVley9FHORmApqK--Ba_jqSnNCnVpU7quGzIx6y3udjY5UnKYhEgasG11otA1.png

188.114.97.1

200 OK

8.3 kB

URL GET HTTP/2
static-adm.1win-cdn.com/banner-files/9yYmJ2Tur3tt3XYtW2oVI8DGGkHjXl6mIxs4CN1HVley9FHORmApqK--Ba_jqSnNCnVpU7quGzIx6y3udjY5UnKYhEgasG11otA1.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
PNG image data, 1508 x 488, 8-bit colormap, non-interlaced
Size
8.3 kB (8313 bytes)
Hash
b7de3691fd1c1a6d6b09078011ffea54
b779cc6b081d228b5982d908fa4121bf89564bcb
8727bf47f35343854ef0783ad29be93c5ee9a73df60956ed43e3c60164bea567

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /banner-files/9yYmJ2Tur3tt3XYtW2oVI8DGGkHjXl6mIxs4CN1HVley9FHORmApqK--Ba_jqSnNCnVpU7quGzIx6y3udjY5UnKYhEgasG11otA1.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:32 GMT
content-type: image/png
content-length: 8313
last-modified: Tue, 13 Feb 2024 22:31:22 GMT
etag: "65cbedba-2079"
cache-control: max-age=14400
cf-cache-status: HIT
age: 591
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ke1%2Ftrae86fmBbd25pFwhy5CsVippNofYAACUK0sCZoktLFPwC0d6Lf97SGkApmI%2F6%2BOHJpXheWw3Lyf35UTdLIK%2BxPlwC3KAYgz6rSk%2BIW53eNndh73DPHaUpI3Wb2N4%2FgvLuI4CuJadQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764069e6bd5569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/mancala%20gaming.441ae5f23.svg

154.197.121.128

200 OK

3.2 kB

URL GET HTTP/2
1win-cdn.com/img/mancala%20gaming.441ae5f23.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.2 kB (3216 bytes)
Hash
fecafa12f578f5ced554ed31aba5c852
7e1f6f044c0508f11d1c5a58a41c3d1423bd7069
77c790b43104ff72a4363c886ef16e2716f2de4bd9b8a870b1228aec39924fe7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/mancala%20gaming.441ae5f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-c90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624eae00b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/quickspin.d9067a98a.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/quickspin.d9067a98a.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2388 bytes)
Hash
2981087d9047df84f1f173886d7f2353
27ee3db1546e61fb1042fe15065f39266f85bcc8
5dcab82097da033050612cbf50989d6cc9d2fe6823af9c8ea82affdc504e5a3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2574
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406255b650b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/turbo%20games.0a45ae56b.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/img/turbo%20games.0a45ae56b.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1046 bytes)
Hash
a3d3ed5aaed2f3fd7a089aa6b6e00aea
d366f4c84c203fd116575a62676b89bcd97c5816
8c7289cbe7f24989aef5f3b52bf00d1178c03b134a718bdbf54d7ffa7d8426ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/turbo%20games.0a45ae56b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-416"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406261c4f0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/78449.1776bac9f.js

154.197.121.128

200 OK

786 B

URL GET HTTP/2
1win-cdn.com/js/78449.1776bac9f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (804), with no line terminators
Size
786 B (786 bytes)
Hash
3997e692861614602ae0ad581192673b
274ba9d8795299558fc25f0bdceb6997a27b8a4d
70920957cad5b0eb4747ccfa5e2cbde79c7f88bd7e3077e5715924c1c4368716

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/78449.1776bac9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-312"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227717
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622eff40b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/72947.6737d5583.css

154.197.121.128

200 OK

1.8 kB

URL GET HTTP/2
1win-cdn.com/css/72947.6737d5583.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ASCII text, with very long lines (1776), with no line terminators
Size
1.8 kB (1775 bytes)
Hash
f5fab3f33d4b698e09236a50c3df29d8
ebdc6db1b202b2c43a28f82af8d1c87d84cc6e0e
0cb52ad2657d1e76d870a92141b2a3abbd3a4125e55c06d58e942c30405153db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/72947.6737d5583.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: text/css
last-modified: Mon, 15 Apr 2024 13:22:54 GMT
etag: W/"661d2a2e-6ef"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 243578
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061e8a180b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/apparat.f7a706d8e.svg

154.197.121.128

200 OK

387 B

URL GET HTTP/2
1win-cdn.com/img/apparat.f7a706d8e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
387 B (387 bytes)
Hash
c263fae5892b9bdd3fa5e761a8aeb723
4646d9080fe51e04962c1f2dabf13119c6d71a41
2a333baf6e1f1e4d92fa73faae466563009d96e860c1423519b890b68153b70d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2493
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623285a0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/46719.c1d2eb9c5.js

154.197.121.128

200 OK

527 B

URL GET HTTP/2
1win-cdn.com/js/46719.c1d2eb9c5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (545), with no line terminators
Size
527 B (527 bytes)
Hash
8375a4110ec42498df870269f31e79db
d974e51c02dbdc175ffa8d4384b385ecce38e581
b63b4ea04779e05a75b5e69f026faa71ee3601834dc416ce230a65ef9171d861

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Sun, 16 Apr 2034 10:38:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 610113
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062b2bdb0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/js/9726.f171d96f4.js

154.197.121.128

200 OK

550 B

URL GET HTTP/2
1win-cdn.com/js/9726.f171d96f4.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (584), with no line terminators
Size
550 B (550 bytes)
Hash
b0269d262b577b24e386d44e3a8a2515
0ae665ce9e9245ac8b29561292e7a208395ea49c
2182a2a1459e2e595fcf4081f7f3a428470038bbd21438c840af61d014ac55b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/9726.f171d96f4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-226"
expires: Sun, 16 Apr 2034 10:38:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1219154
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062fdc770b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/7mojos%20live.cb6749a25.svg

154.197.121.128

200 OK

6.6 kB

URL GET HTTP/2
1win-cdn.com/img/7mojos%20live.cb6749a25.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
6.6 kB (6639 bytes)
Hash
63dcbe9ebaa3f238a8c0152142b06a03
cac36df8800a2f72b9b51f9eeffd74e82be4ae7e
c22e31035811334913ddbd32cfc1881c38c08fdd4d4b4c1c5362ecb6ee23a316

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/7mojos%20live.cb6749a25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-19ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1968
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622dfde0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/pg%20soft.fdb9d6567.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/pg%20soft.fdb9d6567.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1440 bytes)
Hash
71eb5806fcdd473839d2654d03c3fd5e
76a63507f2c2a26ffc343182aaa5d3278197ab88
dcf4ddaaf54ac6541b02df2c9198fe4743b219ec65ec8caa67b999e6a07335dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3175
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406252b200b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSText-cyrillic.211c5c35c.woff2

154.197.121.128

200 OK

22 kB

URL GET HTTP/2
1win-cdn.com/font/SFNSText-cyrillic.211c5c35c.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21916, version 1.0
Size
22 kB (21916 bytes)
Hash
6396986c711f0dfc793140885fb00d41
6199282046b142fd34d950a274769b56cc85c87c
5d30f3756e0a53b580ebd92d46e748a7f51331f4637b6eb594f2b7a79f64245b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSText-cyrillic.211c5c35c.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: application/octet-stream
content-length: 21916
last-modified: Mon, 15 Apr 2024 13:11:13 GMT
etag: "661d2771-559c"
expires: Sun, 16 Apr 2034 10:38:13 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=PxDrtW7T4o2xosRogX1aDw4JejhfOc6.d248peuZ0gI-1713436693-1.0.1.1-wlEZMVdbbi2i12i.BMv3FJGUAqjtuCVGLXkAwnPtBxyydfF8gII7nfxZIbGw6jUht5RIJd4RPGynptDTV7.jIw; path=/; expires=Thu, 18-Apr-24 11:08:13 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640626ac6756bd-OSL
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif

188.114.97.1

200 OK

6.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
6.3 kB (6321 bytes)
Hash
049927e2f79d1b3f7c0db06be6378930
bc6a9c76a5027d6e63381bb7cf0ff70068d06792
8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
expires: Wed, 24 Apr 2024 18:12:09 GMT
x-request-id: yrl775GXM9Fh3TxtQq3wr
cf-cache-status: HIT
age: 59165
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mWunVJiq7pvhmaAMtnfiqa3SFpDh4roTRAyisynoycu8evPXa%2FsNvRoQuP9%2FPJ4PvywjbSFaS13egekRwFHJmsHR9HU7AKxP%2FCiIiV%2B0%2FFZ184egY0gpZza5Ns4jrdBPZKtL4ALIPeI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062bee7d569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/wm/54c233e6-a329-497f-ba00-2cbf011a686c.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/wm/54c233e6-a329-497f-ba00-2cbf011a686c.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/wm/54c233e6-a329-497f-ba00-2cbf011a686c.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/smartsoft.d8a4b520d.svg

154.197.121.128

200 OK

299 kB

URL GET HTTP/2
1win-cdn.com/img/smartsoft.d8a4b520d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
299 kB (298969 bytes)
Hash
6bec0d360a5db76d67f9da29d3d4d206
614068b8909c0fdf885888290e5c0d62cff35951
df436f88f7f3b8bca45c6f8717853ca32849bb220297851fca614a4d574e6eda

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/smartsoft.d8a4b520d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-48fd9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625abbe0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg

154.197.121.128

200 OK

3.1 kB

URL GET HTTP/2
1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3066 bytes)
Hash
ced188fd368f5c8439ebd4398c9c9315
3b04cd5dfecda2e4b27b203dba4a6cef1b7890ea
82811dea95287317cc83610df97a7bc61db4783bd43ef75c8131c497f7868ef6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6991
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061fabdf0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2555 bytes)
Hash
113eb6d7137f5f70e8e824f5487e85bd
3d4d5852693e551b81b3d8106608e11bdb3a5080
72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1x2%20multiplayer.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1968
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622af890b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sa%20gaming.396c34ca4.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/sa%20gaming.396c34ca4.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2376 bytes)
Hash
eec27b0a30619e016eae50d11f9a53b9
ff3da2add15102d508e5f361ba5fef6c01bafcc4
d980864e2bbbbf04843596ec55869200f0fb749ae5113b85b17d377bc8acbab8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sa%20gaming.396c34ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-948"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406258b9d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win.direct/v4/socket.io/?Language=en&xorigin=1wytvn.life&EIO=4&transport=websocket

134.122.54.186

101 Switching Protocols

0 B

URL GET HTTP/1.1
1win.direct/v4/socket.io/?Language=en&xorigin=1wytvn.life&EIO=4&transport=websocket
IP
134.122.54.186:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerLet's Encrypt
Subject*.1win.direct
Fingerprint52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27
ValiditySun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wytvn.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wytvn.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /2d75cVAlmgAQtgJkRdqiQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: mXXi+M7lBSaXGX/Xqzrs8cbiAP0=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=5845778d4b1fd90a; Path=/; HttpOnly
Upgrade: websocket

1win-cdn.com/img/100hp%20gaming.8352a77d8.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/100hp%20gaming.8352a77d8.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2357 bytes)
Hash
4ed7fa45e0933ca6d981ea7fdd5e86ad
9da697d8f40394da2cc17c0c82e73cb1130023d3
619d6f72aec387dbde0c96adf91a96436c6c496d67a67841a4058fda6283210d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6991
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406228f720b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/rubyplay.b4553f39e.svg

154.197.121.128

200 OK

7.6 kB

URL GET HTTP/2
1win-cdn.com/img/rubyplay.b4553f39e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
7.6 kB (7557 bytes)
Hash
3858ea5c6be5319073b0453eac475c1b
72be49666df66401b531cfe9658ae2b64f897b0b
fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5311
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406258b9c0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png

0.0.0.0

0 B

URL GET
1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_bg.d251a9b83-1508.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/5edc8ea2-0ff4-461d-8d49-e5620f9d9052.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/5edc8ea2-0ff4-461d-8d49-e5620f9d9052.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/5edc8ea2-0ff4-461d-8d49-e5620f9d9052.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/css/index.7eff7789c.css

154.197.121.128

200 OK

6.1 kB

URL GET HTTP/2
1win-cdn.com/css/index.7eff7789c.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ASCII text, with very long lines (6130), with no line terminators
Size
6.1 kB (6123 bytes)
Hash
12639803befce09b072e0d9b8fa62f8f
e78a7a568fb16b901eee20bf02dd15b0a02e8978
903403fc754dbbb436cc54a1dd1ac75442d82b8f0c7caf839b5a145d149a50f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/index.7eff7789c.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-17eb"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227729
set-cookie: __cf_bm=cUmToHswi.vkJLuZ5ILKhLwq_uRUurDjnpZ_MTseFY4-1713436691-1.0.1.1-zP.4wSW4Bwyb4S0CyXki9IFCthAICi_JlrnxFw1NjVq0pbro6hCWoj7HwNYSve9IOkhzqJ.s0LzP1WkaE0LaMQ; path=/; expires=Thu, 18-Apr-24 11:08:11 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061819bd0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/62791.6f1623a5c.css

154.197.121.128

200 OK

14 kB

URL GET HTTP/2
1win-cdn.com/css/62791.6f1623a5c.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ASCII text, with very long lines (13874)
Size
14 kB (13875 bytes)
Hash
bbbf01a12ae77086ddddb2ade5cf4717
79b6c7b33e17c98d10502f36e9605963228bc158
cb378c66417ceb4744710d3fe7a59c95e579fdea682446f8d7960b66ef9ee12d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/62791.6f1623a5c.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: text/css
last-modified: Mon, 08 Apr 2024 09:34:39 GMT
etag: W/"6613ba2f-3633"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 855742
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406220eaf0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/kalamba.6e06f7faa.svg

154.197.121.128

200 OK

2.7 kB

URL GET HTTP/2
1win-cdn.com/img/kalamba.6e06f7faa.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2716 bytes)
Hash
7c40c808f85699562366c94d8075727c
daba803ead149eec52b19b82e57afa940922e3c1
8b130bc8c17d44e469cdaabdb68bf8bd4fd819a3763227a6c5601b28a637b8d1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/kalamba.6e06f7faa.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a9c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624eac30b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/160b2d3a-1db9-471b-a9c4-83ea3a2d31ed.png@avif

188.114.97.1

200 OK

5.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/160b2d3a-1db9-471b-a9c4-83ea3a2d31ed.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
5.3 kB (5252 bytes)
Hash
1951ad3aafb99d9e7956d695591e4bf8
50013b13b0550de1e1269c3871dc0fd39d6acf9d
24cdcf2db24562ff39f9183c9268aadc667ed26cefdfc2f2af5fa4cdbd65e859

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/160b2d3a-1db9-471b-a9c4-83ea3a2d31ed.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 5252
cache-control: public, max-age=31536000
content-disposition: inline; filename="160b2d3a-1db9-471b-a9c4-83ea3a2d31ed.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YTkyYzhiLTNkNjY3Ig"
expires: Thu, 25 Apr 2024 10:37:12 GMT
x-request-id: HxtL-DLfa3F1Mhi1Qyf9v
cf-cache-status: HIT
age: 62
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pm5tv827Fbqn15Z65lBbpxxmQSU8OQrc4F7JNNDAwWKpYWgRNAXZ9cXorKklhz%2FhGdWt6fyUW9IEtqXL7sKXUam%2BXRgzClZCqC3yJ%2FQi02UDkZXoclxAa98KNfGXIVpAgz%2BfodwqNV8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062d1849569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/1279.7681fe15f.js

154.197.121.128

200 OK

911 B

URL GET HTTP/2
1win-cdn.com/js/1279.7681fe15f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (929), with no line terminators
Size
911 B (911 bytes)
Hash
3a0fd7772f5d3cd77c17b49876743f78
3eb84478f6c0ac3009e81576caf8fa6ddf4e2c5a
5d5a4e691e8df7115cff0e7b2b76131b7b633ce30509dc61fdf36c9ab36989a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Sun, 16 Apr 2034 10:38:13 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227720
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640627eea30b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wytvn.life/affiliate:link_visit?visit_domain=1wytvn.life&sub_ids=undefined

190.115.24.78

200 OK

37 B

URL GET HTTP/2
1wytvn.life/affiliate:link_visit?visit_domain=1wytvn.life&sub_ids=undefined
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerLet's Encrypt
Subject1wytvn.life
FingerprintA9:AA:3C:AC:93:FF:91:3E:55:61:68:A8:D6:9F:FF:CA:D5:F3:72:21
ValidityTue, 16 Apr 2024 09:15:26 GMT - Mon, 15 Jul 2024 09:15:25 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
37 B (37 bytes)
Hash
2f6af1a09e6d352c1603fe2326189744
baed183cee7c7fd534e8519a683c9f398e696329
7dbce63a298c62ef7fd9b97b1512bcfc0fb402338670dbd194362e0ffac42458

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /affiliate:link_visit?visit_domain=1wytvn.life&sub_ids=undefined HTTP/1.1
Host: 1wytvn.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wytvn.life/casino/play/aviator]
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=UOkV9RkTrxoNWP2oBlGL; visit_domain=1wytvn.life
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.80.180:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

1win-cdn.com/js/39061.b6ef077a8.js

154.197.121.128

200 OK

92 kB

URL GET HTTP/2
1win-cdn.com/js/39061.b6ef077a8.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
92 kB (92457 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/39061.b6ef077a8.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-16929"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241665
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406221ec30b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/superlotto.0b2069aeb.svg

154.197.121.128

200 OK

7.0 kB

URL GET HTTP/2
1win-cdn.com/img/superlotto.0b2069aeb.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
7.0 kB (6997 bytes)
Hash
128046b1d7f6f312cc287763f0c22336
4d2984a448e97d8b6e5b34a4c9fd08dfceb6f4a1
8531767fbaba9dae9a2f659ba50799bef2f9f0c207105bd1010f5e0a12b84f89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/superlotto.0b2069aeb.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1b55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625fc1c0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/speed-and-cash.dffacd6c5.svg

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
1win-cdn.com/img/speed-and-cash.dffacd6c5.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
24 kB (23479 bytes)
Hash
3c62bcde419e822cfa55d45a05fa112d
77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38
feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6991
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061fabde0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/jetx.64787fc5c.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/jetx.64787fc5c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (13301 bytes)
Hash
0046061bb77d38094cc0f71b7371d406
1fd7894d0117251f1eeec1a343b85532d7864a05
bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6991
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061fbbe40b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spribe.7ce760055.svg

154.197.121.128

200 OK

1.7 kB

URL GET HTTP/2
1win-cdn.com/img/spribe.7ce760055.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1704 bytes)
Hash
33a9e45726e8faebc5b2e6d77375cd5e
cfb38d5cee2ec3a48d5bfa1a3b9c3806557dcb6f
1645b2d498bc98d5a05875f6d2d3681236d254cc2f8837965c925e511db72df1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spribe.7ce760055.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-6a8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2706
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625dbf90b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/upgaming.242b9e921.svg

154.197.121.128

200 OK

4.8 kB

URL GET HTTP/2
1win-cdn.com/img/upgaming.242b9e921.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.8 kB (4764 bytes)
Hash
aeb4cc1caa82c4f55b3598ea0c7003fd
8c1eec585578ba1c3803b2d6b724d67cb8e3de25
236f3b8b8aad7f6ad5e23aa1eaf555fb7420d9dd6eb1df70e7957b1707554982

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/upgaming.242b9e921.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-129c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406262c5d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/wazdan.1cf2cebcc.svg

154.197.121.128

200 OK

2.0 kB

URL GET HTTP/2
1win-cdn.com/img/wazdan.1cf2cebcc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.0 kB (1981 bytes)
Hash
f19410782a9e906c5987a9ec3dec0a8e
9df4dc8c8b7defde41a5caea964099dd1c882245
728bdcd00db7137c2e314ddf1f2dbe368b5a66d31ff5ccf0ca8e8ba83e3da5c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406263c710b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/56476.aa39174a9.js

154.197.121.128

200 OK

9.4 kB

URL GET HTTP/2
1win-cdn.com/js/56476.aa39174a9.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (9758), with no line terminators
Size
9.4 kB (9435 bytes)
Hash
3e45cfde475e1c582ecb4f397b0f3e5b
8dd3e8b9b97b060eb6209066b8236d43ae208b27
42f947a28114b31f47307d3ce3e0b97d40312ce9683a34569cf2319662f3c1d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/56476.aa39174a9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-24db"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241665
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640621fe9c0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gamomat.593230062.svg

154.197.121.128

200 OK

643 B

URL GET HTTP/2
1win-cdn.com/img/gamomat.593230062.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
643 B (643 bytes)
Hash
bfaa3d42e6ab264b9080e74f867e85de
5026f5b14a42af9eaaf3d09468fa27728287cdae
9911098f481a732b6e8ae3ff8ce922ae03f087eba0d8359f1ad1a23b8a71e630

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624aa750b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/netent.95417a961.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/img/netent.95417a961.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1015 bytes)
Hash
24c2a93da817e20deb8796b20655510d
e0e0acc2a55fd9623907272dac8f96c8f30360c6
01707112895fbab90532a0afbe23c9ec0402c8f73656fb87e74eca54550a5bcf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624faf20b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/onlyplay.1c7a3c455.svg

154.197.121.128

200 OK

1.7 kB

URL GET HTTP/2
1win-cdn.com/img/onlyplay.1c7a3c455.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1709 bytes)
Hash
c3e69f9fed9cc0cf56f269a871ebf7b8
24c64655556df116228009b2d0e64950404e45a2
c983a2f37ed5b2c73940d48dc81e885d6fa8136a5e0f3399e426e427dd7ff5ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406251b190b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/thunderkick.6962312e1.svg

154.197.121.128

200 OK

841 B

URL GET HTTP/2
1win-cdn.com/img/thunderkick.6962312e1.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
841 B (841 bytes)
Hash
ee06089b308c5065a8e92a32b7b38686
2e83ac75ceb109c245525a733cfb3efc97cc42bd
24c651706b7981a60f137cc5b44b8d28dd81116565ffbdaef6687c8b41e4da21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406260c2d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wytvn.life/common/title?path=casino&lang=en

190.115.24.78

200 OK

29 B

URL GET HTTP/2
1wytvn.life/common/title?path=casino&lang=en
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerLet's Encrypt
Subject1wytvn.life
FingerprintA9:AA:3C:AC:93:FF:91:3E:55:61:68:A8:D6:9F:FF:CA:D5:F3:72:21
ValidityTue, 16 Apr 2024 09:15:26 GMT - Mon, 15 Jul 2024 09:15:25 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
55d138477f5d21b2864ed51b2aa3b446
f493c01dcf90c45f2334b9ca47839ce0a014222b
456ce42d8f0a396a6549e0fc1e00649162a0391884d40a887f013a53f681f37b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/title?path=casino&lang=en HTTP/1.1
Host: 1wytvn.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/casino/play/aviator]
Cookie: __ddg1_=UOkV9RkTrxoNWP2oBlGL; visit_domain=1wytvn.life; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef0c9-0c58-7f49-9681-ef71693e1143%22%2C%22%24sesid%22%3A%5B1713436691601%2C%22018ef0c9-0c91-7a05-8955-fac46a7c9f02%22%2C1713436691601%5D%7D; core-sticky=http://10.233.80.180:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiYjFlYjkwNy0zYzA4LTQ4NjQtODE1Yi01NzM3NzNjYzNiYzQlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEzNDM2NjkxNzUxJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMzQzNjY5MTc5MiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/73650.c53450864.css

154.197.121.128

200 OK

319 B

URL GET HTTP/2
1win-cdn.com/css/73650.c53450864.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ASCII text, with very long lines (320), with no line terminators
Size
319 B (319 bytes)
Hash
71b1b45a5dbb0abfffea6576dd8df469
30fd1e09435dc1595e162e0605a4f131a15c5795
2f6a4b62b778588436614e9d61687354ca230125a3ea885398556d136a345436

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/73650.c53450864.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-13f"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1190366
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406209d090b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1023 bytes)
Hash
923ec09a017c369d475682b8b60fe652
f2a4cf5f06644b65bb3df522652a41a2b09c2aa9
7dd1302808a915df5f6af1480cd4fc562a8ad77550aa3ec0a32d5663d8d6afc6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640621be430b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/games%20inc.64fb099a0.svg

154.197.121.128

200 OK

695 B

URL GET HTTP/2
1win-cdn.com/img/games%20inc.64fb099a0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
695 B (695 bytes)
Hash
3d90ca2a78e19006ff1926510ed316d4
0becc591fcf773fa9e56396884dfd0f963a46e73
e7d7da9c1e3909de31009cba4f854e960403196039b489c7e42d4d6ad3acec0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games%20inc.64fb099a0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-2b7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406248a460b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/reelplay.06dc7f4c0.svg

154.197.121.128

200 OK

25 kB

URL GET HTTP/2
1win-cdn.com/img/reelplay.06dc7f4c0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
25 kB (24761 bytes)
Hash
b322085b94eec118c20d5acba9ea8465
616f9440231bd629e6d2b6aea1d1baac51386151
542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406256b7b0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/cool%20games.019d15340.svg

154.197.121.128

200 OK

3.6 kB

URL GET HTTP/2
1win-cdn.com/img/cool%20games.019d15340.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.6 kB (3603 bytes)
Hash
c3efa9849696becabebca718837f0827
96c9a9ae1bcc9e9b7ca05f52c14a1dc0cd986653
ee6d141e322862aa269184cbe47e86f7e8882b13966a905121857502eaa1a8fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cool%20games.019d15340.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-e13"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623b94a0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fazi.19d7f4b72.svg

154.197.121.128

200 OK

645 B

URL GET HTTP/2
1win-cdn.com/img/fazi.19d7f4b72.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
645 B (645 bytes)
Hash
c2948d97afb6d8e1cf8e7b50b62a9272
a1607553e252407e35addae9b48c1cedfeebd048
309347ec479f691cb02b9aaac9c06aea9cbefa075c591a35b0651e8928e64792

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5311
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406244a0d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spadegaming.8dc1e9a8e.svg

154.197.121.128

200 OK

3.8 kB

URL GET HTTP/2
1win-cdn.com/img/spadegaming.8dc1e9a8e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.8 kB (3805 bytes)
Hash
747a1c4577c4f0216b3c2312e11b1950
c38313a9fb030d29f16ed7bbc1dab939a874aff5
e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625cbe80b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/revolver.25aaacada.svg

154.197.121.128

200 OK

3.9 kB

URL GET HTTP/2
1win-cdn.com/img/revolver.25aaacada.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.9 kB (3880 bytes)
Hash
49db2026a7b56b5525113dde1df88e5f
145eaf3e89aaa41bc641b6cfd321d900f74065d6
6f0a14e96df44350c7101bb3382f02983f1eb98fced9d4309cf99b2210a96adc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406257b860b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/56657.79f59e0fd.js

154.197.121.128

200 OK

48 kB

URL GET HTTP/2
1win-cdn.com/js/56657.79f59e0fd.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
48 kB (48486 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/56657.79f59e0fd.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-bd66"
expires: Sun, 16 Apr 2034 10:38:13 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 233513
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406271da60b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/100hp/cf172287-80af-4bda-b8db-d310d561a47e.jpg@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/100hp/cf172287-80af-4bda-b8db-d310d561a47e.jpg@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/100hp/cf172287-80af-4bda-b8db-d310d561a47e.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js

142.250.74.131

200 OK

511 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
JavaScript source, ASCII text, with very long lines (554)
Size
511 kB (510578 bytes)
Hash
e9ccb3dbde79ba5ffdf9cad4b32d59fd
3a8cd67adc7c885bdf683f1e7f491e6a4a50679f
8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137

HTTP Headers

GET /recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 203369
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 12 Apr 2024 15:10:08 GMT
expires: Sat, 12 Apr 2025 15:10:08 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 29 Mar 2024 04:30:36 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 502087
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

eu.i.posthog.com/decide/?v=3&ip=1&_=1713436691547&ver=1.126.0&compression=base64

3.125.75.228

200 OK

505 B

URL POST HTTP/2
eu.i.posthog.com/decide/?v=3&ip=1&_=1713436691547&ver=1.126.0&compression=base64
IP
3.125.75.228:443
ASN
#16509 AMAZON-02

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerAmazon
Subject*.i.posthog.com
Fingerprint99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67
ValidityMon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (549), with no line terminators
Size
505 B (505 bytes)
Hash
f6979cb8cba62aa7b6e613bd7f7a1d88
fbc60ed9ec74a637c060acdbe79cc56311520dc8
9f8fba1211d92ea0d3de72c4871b9990bf6a85465bfbd8eb4a13854096ed35a9

HTTP Headers

POST /decide/?v=3&ip=1&_=1713436691547&ver=1.126.0&compression=base64 HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 177
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/json
access-control-allow-origin: https://1wytvn.life
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
server: envoy
x-envoy-upstream-service-time: 26
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

eu.i.posthog.com/e/?ip=1&_=1713436691610&ver=1.126.0&compression=base64

3.125.75.228

200 OK

13 B

URL POST HTTP/2
eu.i.posthog.com/e/?ip=1&_=1713436691610&ver=1.126.0&compression=base64
IP
3.125.75.228:443
ASN
#16509 AMAZON-02

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerAmazon
Subject*.i.posthog.com
Fingerprint99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67
ValidityMon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
6890d920ac57c0903201ea84ecff6350
90b353103f5b99d1ec445372ecd1fdb388cc6401
b954598e1c0aca3614d685f546b623b9b09071730f110476c232193304bba1a4

HTTP Headers

POST /e/?ip=1&_=1713436691610&ver=1.126.0&compression=base64 HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1475
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/json
access-control-allow-origin: https://1wytvn.life
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
server: envoy
x-envoy-upstream-service-time: 9
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

1win-cdn.com/img/evoplay.cfa676ca9.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/evoplay.cfa676ca9.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2596 bytes)
Hash
7b4d8b1998ceae4f1e4defe0e5b322a9
b60d4fa2033a28349d7920647907368835ab514d
ba06d2a9476e9302fb1576b656f6c522ada52d31d30e9461649e874207ca18bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406244a030b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/salsa.8d18d113d.svg

154.197.121.128

200 OK

4.5 kB

URL GET HTTP/2
1win-cdn.com/img/salsa.8d18d113d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.5 kB (4487 bytes)
Hash
8ddc56d0a9c2b1ae996c3521eddfae36
db430c81bcb0d7090c4067b858c8d48f0ba5d320
08bcd575204796b49e6590b14d0aef61c53647132f039606f45957b971c37844

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/salsa.8d18d113d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1187"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406258b9f0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spearhead.27c37f3dd.svg

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/img/spearhead.27c37f3dd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1194 bytes)
Hash
b7d0037b4b499acbf11a3a7d22d9f7e8
b4a122e841ea28158af2f35adaf0b802713ffda3
aaa2c2f064d9c7709062169ce8ef64c7e6158b89d6700351c1be538cb0bdc0fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spearhead.27c37f3dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-4aa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625dbef0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/60609.5ed8b9fec.js

154.197.121.128

200 OK

623 B

URL GET HTTP/2
1win-cdn.com/js/60609.5ed8b9fec.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (649), with no line terminators
Size
623 B (623 bytes)
Hash
9188b65f1f1e4829d2d3b88925767e57
c21f94f423f48725cd29d800b45852c170e935dd
4d4c8a7df6aba520d0ee270fab5f306f29a0a564d060eb49d04d29eb18dcfd98

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/60609.5ed8b9fec.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-26f"
expires: Sun, 16 Apr 2034 10:38:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1226126
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062fdc800b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/desktop.ec875fd7a.css

154.197.121.128

200 OK

75 kB

URL GET HTTP/2
1win-cdn.com/css/desktop.ec875fd7a.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
75 kB (74927 bytes)
Hash
7b58f97ba5cb52fd4f24c8f4e9097972
f7452fe4d2f20eaf1db1d79bdc8902820818e324
c2a3227dc87a41246c04fcf01def6d4ab41297ffb59171ec465beaee627f68e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/desktop.ec875fd7a.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-124af"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227725
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406197ba80b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/48430.9af74daeb.js

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/js/48430.9af74daeb.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1192), with no line terminators
Size
1.2 kB (1174 bytes)
Hash
13ee598a8e47be5a3df2543dc3171f75
630992d944c63ecf139694eb2e3e5ac0047bd23d
602ae541f8651417c75bee8a5666440303481bf090e791bad62894339350c339

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061f0b2b0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/39769.f5dc245b0.js

154.197.121.128

200 OK

672 B

URL GET HTTP/2
1win-cdn.com/js/39769.f5dc245b0.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (696), with no line terminators
Size
672 B (672 bytes)
Hash
dfd1383be2ed3afed80474e35a40c4ae
db2a457c8f9dfbdf06f391cd286454354c17af93
a7455bb6e1d4b4db4588f981f4f0976c6c84edd68fa2cd5282f4405866028ed9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/39769.f5dc245b0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2a0"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1216232
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061f9bc70b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/57460.093f52cba.js

154.197.121.128

200 OK

438 B

URL GET HTTP/2
1win-cdn.com/js/57460.093f52cba.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (460), with no line terminators
Size
438 B (438 bytes)
Hash
6dec8ed713dfd3300ca7f2907fe2f259
a467664dd1f209c8b7360ae5088144073d4b6272
a359d5ee11e7b5c08922355687a9b639fb2d73f1a259db499e935d49dfba9386

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/57460.093f52cba.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1b6"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227717
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622cfcc0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/leap.f4cfad944.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
1win-cdn.com/img/leap.f4cfad944.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2461 bytes)
Hash
9129fc106fce1317a16bb3acbd708de8
64dead6ad9646ce68218ae82cf9d369811d3b88d
993824f1fe4aa4c5c4132998d9b0a11fb719a92494f86e32d015a980473a59af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/leap.f4cfad944.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624eac90b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/3fe8fa35-8b92-482b-868f-72645b4c2334.jpg@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/3fe8fa35-8b92-482b-868f-72645b4c2334.jpg@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/3fe8fa35-8b92-482b-868f-72645b4c2334.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/js/89004.f9fc8712e.js

154.197.121.128

200 OK

474 B

URL GET HTTP/2
1win-cdn.com/js/89004.f9fc8712e.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (492), with no line terminators
Size
474 B (474 bytes)
Hash
7864d994328b2509ed89d013a57c6779
f85a4f2a55d3a55f764f2cabeb342b64b6f78e67
180ccf548c0851cc325820fb8c9841e8913b11856c62894ce2bf023fd87c1f02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/89004.f9fc8712e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1da"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 523530
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406207ce20b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/1670.fbaee7667.js

154.197.121.128

200 OK

8.9 kB

URL GET HTTP/2
1win-cdn.com/js/1670.fbaee7667.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (9098), with no line terminators
Size
8.9 kB (8882 bytes)
Hash
f8d0232278dc550df90e6896d6ae590e
d93bf8a3d9ca5f47b97c0c9f3051d15304788ffa
82b4d66b360f4ea8d4567426ecf5aa3ef5eff5a3b237ee49658f505d56531afb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/1670.fbaee7667.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-22b2"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241354
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640621fea80b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/boldplay.70a46bd71.svg

154.197.121.128

200 OK

4.7 kB

URL GET HTTP/2
1win-cdn.com/img/boldplay.70a46bd71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.7 kB (4668 bytes)
Hash
b9145dace81bbcbef7d60609e72c9c63
c182aef9dae96fe22563e38cf8ad0bd5cfb9f588
8efe8d59068c4a443da7fca222bf01d3a94a01db7c7ace4463c434ff0aa93235

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062389020b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/cyberslots.988fdd12e.svg

154.197.121.128

200 OK

2.3 kB

URL GET HTTP/2
1win-cdn.com/img/cyberslots.988fdd12e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.3 kB (2305 bytes)
Hash
aeeace00abaabb5ae6a47e900873f09b
d6e4385ea3efcfbfba30b6f0a58ea08ec9a11a95
0c1fdd20cf809c07733b67a12eb0f3cdc88a57ebcbb2ba293a717b4b9b3865ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623e98e0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gamebeat.5649e97f9.svg

154.197.121.128

200 OK

1.1 kB

URL GET HTTP/2
1win-cdn.com/img/gamebeat.5649e97f9.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1138 bytes)
Hash
f47237dc478a7b0d1ed4d2687cc13396
66ce5afa1722b78b22858e1ae057290f36a13c81
af0e90737145635ae2a9807d550dfc2bd2746cbc50f74b828a3aa4c0e9a8ca19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406248a410b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gaming%20corps.5c3f3647c.svg

154.197.121.128

200 OK

1.9 kB

URL GET HTTP/2
1win-cdn.com/img/gaming%20corps.5c3f3647c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1936 bytes)
Hash
ddcf2a0ddef8449807db0b7419c39291
9757b762ac3efb096bd45b869ee4d06565a1e9c2
f03dab28c20b3b25823b4b64bbd27953a463c5e9bd7b5bcfa12930f6793fb1e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gaming%20corps.5c3f3647c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-790"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406249a660b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/habanero.92654c79c.svg

154.197.121.128

200 OK

3.6 kB

URL GET HTTP/2
1win-cdn.com/img/habanero.92654c79c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.6 kB (3561 bytes)
Hash
9d25ca67fcccda561c314873654994a8
0e5592059d8c6114a25d0affd4af7e50e44d36af
e43f0e0abd0ae12393dc2b91c459fdcf045669e63be099f9cb44cd37904bd761

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/habanero.92654c79c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-de9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624caac0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/3fe8fa35-8b92-482b-868f-72645b4c2334.jpg@avif

188.114.97.1

200 OK

7.9 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/3fe8fa35-8b92-482b-868f-72645b4c2334.jpg@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
7.9 kB (7931 bytes)
Hash
9178ecff257eacdeb0660ee4415072e9
aea49653ad4fe59a91ddd39419f27bc1813f8cef
d0c8dae0582ad55c4ad7a74efa816f3d74ca15abf3e3872475b712094c51324b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/3fe8fa35-8b92-482b-868f-72645b4c2334.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 7931
cache-control: public, max-age=31536000
content-disposition: inline; filename="3fe8fa35-8b92-482b-868f-72645b4c2334.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZGRkODViLTFiNWM3Ig"
expires: Tue, 23 Apr 2024 14:30:06 GMT
x-request-id: LboQqUQpB9YmnueFzQIe5
cf-cache-status: HIT
age: 158888
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Ep8MdJoo5mWphD2IxP6wf80LLXZXY2PUE31AAtMkBjBMcH6PJ28cmJW7BKED%2BWg7%2FCgaNQSU76h585VRbdhqg1W8s35IX3ciqmzyIa4IwqM5I4KIUZIJz%2FiFZwJ0rEcxcwFIEiyZZA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c1ec1569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/33700.8f8589382.js

154.197.121.128

200 OK

992 B

URL GET HTTP/2
1win-cdn.com/js/33700.8f8589382.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1010), with no line terminators
Size
992 B (992 bytes)
Hash
7a56ca20c70147de869fb6f869c24757
8ba632a6c326ca6152d0c51a202527013eeb42f4
543572cbc25b63dbaf723d527cdb47a50c56655698f3eae1708b30e881429640

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061f1b370b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/edict.ca67383de.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/edict.ca67383de.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (12806 bytes)
Hash
7794e14088c92dc44e186b65dfd0782b
f81ec0b93e38339b2e2f8f94d2f7c568b8943fff
c7f35f1baf838b1d2df12f6f0c9ec002d9fc4f57fcee414b74fad3cabb71864a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/edict.ca67383de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-3206"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062409ac0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spinmatic.f74cf69af.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/img/spinmatic.f74cf69af.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2157 bytes)
Hash
12c6733c47b71d93b36447dcb999d080
f6440015ef35215d9009b4f08340145df1f7d9e1
fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625dbf20b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1win%20games.9b8574150.svg

154.197.121.128

200 OK

1.6 kB

URL GET HTTP/2
1win-cdn.com/img/1win%20games.9b8574150.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1603 bytes)
Hash
50dad4fc2924bcfbb1745e9351fc32bd
e71c68d2d20f197e3d4645e4d791436496b4528d
98974ebbc36d921b989f19beb197990dec088ab52912315b8a7854f4a8a871a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6991
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622af810b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/68578.08cd62539.js

154.197.121.128

200 OK

2.1 kB

URL GET HTTP/2
1win-cdn.com/js/68578.08cd62539.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2199), with no line terminators
Size
2.1 kB (2099 bytes)
Hash
443c37149beb03a5e14b47aff568a1a6
9d1f8f2aefe39f7fcd8b9e4f61e364b51057878f
4f00e6bfc5f4c65e7e63f563c27a8340f008d77c7935b0f6ecefa4b6e50cabfe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/68578.08cd62539.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-833"
expires: Sun, 16 Apr 2034 10:38:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1219154
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062b0b940b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif

188.114.97.1

200 OK

6.1 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
6.1 kB (6121 bytes)
Hash
172757f78e8e2026f280f94f4d032035
17cea3940511dbbbb5077e78e28ddadef3090931
f0480a63411ce5b83d0c87ea580863a1a6908dc635db4309719cf9119d3df28f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 6121
cache-control: public, max-age=31536000
content-disposition: inline; filename="61ea6817-a009-4c14-94a8-2d97fb8082c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODk1MmJlLTZhY2Q4Ig"
expires: Wed, 24 Apr 2024 20:17:42 GMT
x-request-id: 6wlhy8CqiNIlKW3HNigYq
cf-cache-status: HIT
age: 51632
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=94ezISLl38Yr89I%2BxXWyFijUFvVm2YefgrpZy7tkXh4HjbYOsnOhsN0BJXx%2FlWnpnv9QunFLrqLfC2ihX4lLZ5I4M0EjWsV11BGrePvUYJb%2BznWfcs%2Bau98GqesihNXkGHuM1P6NSU4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c0e96569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/86359.48c462178.js

154.197.121.128

200 OK

634 B

URL GET HTTP/2
1win-cdn.com/js/86359.48c462178.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (654), with no line terminators
Size
634 B (634 bytes)
Hash
33a83c5ac34b557d3037a52c8dead1fe
6bd3202d3720d8c86a84a63f1975b5d53d044ef9
7eb34e53490cdfe14b7d40ae44b2bf4e92d10e204114c1bf5352f6a66c587b8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061f0b190b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/betsoft.cc500155f.svg

154.197.121.128

200 OK

4.7 kB

URL GET HTTP/2
1win-cdn.com/img/betsoft.cc500155f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.7 kB (4742 bytes)
Hash
fa91200f1738243c9a1bf9ebf853c238
43a438416c285aaf55c7f2edb2676616ffa0c838
9235396681ab2e82a2b5ce89e4f2e711f69cde3f6fb83af4050e110c4a55d3c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5311
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062368be0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/onetouch.b026a50c5.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/onetouch.b026a50c5.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2394 bytes)
Hash
f04cb7d15621db8eda5af2216a4f824f
a0aa7231bfbe4ddc48be81716c3b31ba5c1702ec
de4ec671f76aa1afb93d074c5ea3b64d3d759cf404a142b359be0d9fccedb84e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406251b150b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/thunderspin.2d11ae63d.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
1win-cdn.com/img/thunderspin.2d11ae63d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2520 bytes)
Hash
604f41c295f537f07943cfe15d6f15f2
ab1b0075af6b7a8c6aa80eaa1ffbec9931a09369
9a89dee21e4f99f3d08e324ca4d4c6b1c08f3acc53bbc9027d57757359734198

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/thunderspin.2d11ae63d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-9d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406260c2f0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/66512.d3b9afb82.js

154.197.121.128

200 OK

759 B

URL GET HTTP/2
1win-cdn.com/js/66512.d3b9afb82.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (777), with no line terminators
Size
759 B (759 bytes)
Hash
cb6fca85eef64397cba0320543b40d92
8832706404854e9b78dda970c87d17a0629016bd
7bf26beea8948e6afad264491eb02a264a252fb30c6a620c178a27b2a1477a65

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/66512.d3b9afb82.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2f7"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1219153
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061ffc470b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/pragmatic.2e7a96b71.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/pragmatic.2e7a96b71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2387 bytes)
Hash
0318d08339acfa9fb15b1f56bb22b145
caa87d78a9c14af0beeb66733294652e6b1627b8
24fe7388e4f3fc5ddea45e6369a02683ca4ecbe85d5e18c8f67d47a69709cea9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pragmatic.2e7a96b71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-953"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7111
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406255b5c0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/swintt.7c851d380.svg

154.197.121.128

200 OK

427 B

URL GET HTTP/2
1win-cdn.com/img/swintt.7c851d380.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
427 B (427 bytes)
Hash
90e9054f87471fee18244fbfaa5c2434
e4f14ab709714096c57f1e9941c4f28aacdae8f0
b0bec97d4b607d5aafa8a013b13b9cd75579c41d514ddba2caa53070867e95ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/swintt.7c851d380.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1ab"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625fc1f0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bgaming.ae3573ff9.svg

154.197.121.128

200 OK

4.0 kB

URL GET HTTP/2
1win-cdn.com/img/bgaming.ae3573ff9.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.0 kB (3997 bytes)
Hash
f2081caf12b5dad178e766a8bd906e19
5ffdd19030dd7868b979fa8c19243e62b70eabb8
ac0b648f44a2ab64ba3f4e7517ebbe6ba9ff28082268f67b9afebc0d8d38e884

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bgaming.ae3573ff9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-f9d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062368c60b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/platipus.dd3b50ce6.svg

154.197.121.128

200 OK

3.7 kB

URL GET HTTP/2
1win-cdn.com/img/platipus.dd3b50ce6.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.7 kB (3716 bytes)
Hash
47208726d4dd191a03af9229fc538eb2
0ef7c3f6b3788794db7709213ecaee1b7558a5c2
b27442adef75a0afbde2ad9cacddd4d871e0a302390e6e860c59d627013b32f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/platipus.dd3b50ce6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-e84"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5311
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406252b240b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/tvbet.fea6d0222.svg

154.197.121.128

200 OK

9.4 kB

URL GET HTTP/2
1win-cdn.com/img/tvbet.fea6d0222.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
9.4 kB (9418 bytes)
Hash
daf98e0c0d45cb1db158d09bd07e4959
2c28a0c557fb1cf89267d49d2d5ff2a958f896c9
e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406261c530b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/63502.6c3848d73.js

154.197.121.128

200 OK

422 kB

URL GET HTTP/2
1win-cdn.com/js/63502.6c3848d73.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
422 kB (421690 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/63502.6c3848d73.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-66f3a"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 968
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640619fc390b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/8726.6a357273b.js

154.197.121.128

200 OK

664 B

URL GET HTTP/2
1win-cdn.com/js/8726.6a357273b.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (682), with no line terminators
Size
664 B (664 bytes)
Hash
2e216c1b879ec285c8c32567174c9af4
e1e1af06fe2299d4a230eb5467395ef6bf3354cc
2e286b2372f85cadaa903f3189b912a18def9e9c561f6b4121af91682164cca2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061f7b920b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fantasma.8f4e2392c.svg

154.197.121.128

200 OK

3.4 kB

URL GET HTTP/2
1win-cdn.com/img/fantasma.8f4e2392c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.4 kB (3380 bytes)
Hash
2b6e488681e5af743e430cce2f0c2187
5a3102291017d617e6346a59664b1ec7eece4423
f34079a7f0c56e9ef5af475418998e11aa38c64bf4900827c830263eb9e8ac11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406244a0a0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/worldmatch.9f3d40aa7.svg

154.197.121.128

200 OK

522 B

URL GET HTTP/2
1win-cdn.com/img/worldmatch.9f3d40aa7.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
522 B (522 bytes)
Hash
c3aab966ecda4dadceb7b556b4205478
e8e501768b244593d7e5a59b6a7cf77e3b0d4581
ba1ec219d7a5dafe4c7ce5aa35171278f90b26d55c3ce4b1fd2474ce69487bf1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5311
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406264c790b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/betsolutions.5d0a153ca.svg

154.197.121.128

200 OK

1.6 kB

URL GET HTTP/2
1win-cdn.com/img/betsolutions.5d0a153ca.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1565 bytes)
Hash
066b7782f9f8acb732cd85f2df1344ac
7bb3c193cb5dd835fec3e3ce7ed032be4200afc9
95ee3f610ca3eb081f9fd0b7c61dc40ea0e5f470b0ba72dee69c1a06a9198e35

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betsolutions.5d0a153ca.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-61d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062368bf0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp

154.197.121.128

200 OK

25 kB

URL GET HTTP/2
1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25292 bytes)
Hash
1f85b44a5305e8928fcae8922301d92a
7ecc0724a7560af7c4debc83014bab875eba685b
660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/webp
content-length: 25292
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: "6620e289-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1971
expires: Thu, 18 Apr 2024 14:38:14 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062a8ac00b55-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/18860.d3e8c1777.js

154.197.121.128

200 OK

28 kB

URL GET HTTP/2
1win-cdn.com/js/18860.d3e8c1777.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
JavaScript source, ASCII text, with very long lines (27990), with no line terminators
Size
28 kB (27990 bytes)
Hash
4b143001b05330bb316fe6b48531dbb6
ffa1e8fc89a58cf47350481057028603fe7fff91
d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/18860.d3e8c1777.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-6d56"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241665
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640619fc2d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/cq9.5d5072e17.svg

154.197.121.128

200 OK

4.6 kB

URL GET HTTP/2
1win-cdn.com/img/cq9.5d5072e17.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.6 kB (4619 bytes)
Hash
47469c2cd9d79b1305e3e02f76d0dc24
d63ca4b97bbdd2533e5c1ac86bacd621a4150410
cbdced2050313c54915ec2417995b7de59675fffbbedf861202570a6e4ad5536

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-120b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623b94d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713436692200&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=716980357.1713436695&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fcasino%2Fplay%2Faviator%5D&sid=1713436694&sct=1&seg=0&dl=https%3A%2F%2F1wytvn.life%2Fcasino&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wytvn.life%2Fcasino%2Fplay%2Faviator%5D&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4462

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713436692200&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=716980357.1713436695&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fcasino%2Fplay%2Faviator%5D&sid=1713436694&sct=1&seg=0&dl=https%3A%2F%2F1wytvn.life%2Fcasino&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wytvn.life%2Fcasino%2Fplay%2Faviator%5D&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4462
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713436692200&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=716980357.1713436695&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fcasino%2Fplay%2Faviator%5D&sid=1713436694&sct=1&seg=0&dl=https%3A%2F%2F1wytvn.life%2Fcasino&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wytvn.life%2Fcasino%2Fplay%2Faviator%5D&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4462 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1wytvn.life
date: Thu, 18 Apr 2024 10:38:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/img/bombay%20live.ab678ab94.svg

154.197.121.128

200 OK

1.5 kB

URL GET HTTP/2
1win-cdn.com/img/bombay%20live.ab678ab94.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1460 bytes)
Hash
291aed0c4eee33d7354cb7440283934c
ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e
e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623991c0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/ezugi.a9c66babd.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/ezugi.a9c66babd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1439 bytes)
Hash
329b99ccd51d8cd3e1a5c8a1b83a84eb
ad907259ddfcffb089829ad24a4411ff1cd4b1c0
96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406244a080b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/e2d2b78f-c755-4757-90b0-f2632ab94445.jpeg@avif

188.114.97.1

200 OK

10 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/e2d2b78f-c755-4757-90b0-f2632ab94445.jpeg@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
10 kB (10399 bytes)
Hash
b7211186098c84cc373b72baacfcf8e2
fb785e9766c27312a5c9d59cd9a172d36d9a13a7
bc135b2c5d0910381da869cffd789b60072b1c6984ecfb027577588fa4722c18

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/e2d2b78f-c755-4757-90b0-f2632ab94445.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 10399
cache-control: public, max-age=31536000
content-disposition: inline; filename="e2d2b78f-c755-4757-90b0-f2632ab94445.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjBkZjc5LTIzYjlkIg"
expires: Thu, 25 Apr 2024 09:04:16 GMT
x-request-id: 4-XflDeQ86rdt_26mHfpT
cf-cache-status: HIT
age: 5638
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1kMLif5%2FkYvWLjmv59rrl8kjF8OvTHUdFKuA6SXwnBhCrrF7fFYw6izYtn3ybHDXlIa4S96L4MzVZtyMa1%2FPEIG1KEkpqtBCOBn9%2FoKcaZrZI8%2FrqeZyf2tnM59KgIq5prOHDwh9Xs4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c2ecf569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/e2d2b78f-c755-4757-90b0-f2632ab94445.jpeg@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/e2d2b78f-c755-4757-90b0-f2632ab94445.jpeg@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/e2d2b78f-c755-4757-90b0-f2632ab94445.jpeg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/nolimit%20city.5b7440267.svg

154.197.121.128

200 OK

1.7 kB

URL GET HTTP/2
1win-cdn.com/img/nolimit%20city.5b7440267.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1683 bytes)
Hash
b922d7644363785eac0ec67b0a31e5b5
aeb685310c81a6bbde2c3dc8c6e4bfcf59c77336
f5949bda30ca6a410fa6db0e60789cad60c32183d2f52b4888ab292910bd45bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406250b040b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/retrogames.bb592a878.svg

154.197.121.128

200 OK

7.3 kB

URL GET HTTP/2
1win-cdn.com/img/retrogames.bb592a878.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
7.3 kB (7348 bytes)
Hash
58c68473b3dd3ae2f45e31560e366dbf
577748dead61e9aff6756db3bade90442cde170f
e4305fe1e258b0357e17b29825d8fcf96aa9e60f453118e4a69066eb2c955207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406257b840b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1

154.197.121.128

200 OK

17 kB

URL GET HTTP/2
1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
17 kB (16715 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"6ed5-vZkaWgKQA1KuP7OlXpijLv1nJAg"
vary: Origin
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=AVDXfAodGlgXHWEtR8.hb5fFFFfibvED6VGUH48HzRw-1713436693-1.0.1.1-1ZZylSSchnILIYudCsxHnvuOfB0xcfisf7UhhFlHuaEXakKQVK47WTRmxfOX4yZwev_pZPvUVFDUDMxSr7_LXw; path=/; expires=Thu, 18-Apr-24 11:08:13 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87640627fe3f56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif

188.114.97.1

200 OK

5.6 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
5.6 kB (5627 bytes)
Hash
baf3f199ffdfb682bbcd9d3837e517c0
3803d7a122952937942ab92c0724af229c4f2dfe
2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: 5K4g--Pyiqr6b2Ea_4rTn
cf-cache-status: HIT
age: 6701
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TYGJlv25haoT5%2BjdvBl2aukJMqYHl2F9%2Fnz%2FTaUVYuixGySvqNfXnacxfByBdBXFLKuwkppIH9Yu%2F0GSneWTByDKrTGUSjEBu7qZ8HDgu846czoorOqCgmjVdnHR47knJWjHe3WOKIU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062c0ea0569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/ct%20interactive.74b20dbc3.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/img/ct%20interactive.74b20dbc3.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2185 bytes)
Hash
e709608dd45ff01d7f75d21bc3534e1e
d45bc1ea2a957ab8113ecf7da9564be00207c6d4
d3909007c8efcbb7e2d3fdabe0dde74063c3efcd76d989f83f6d128b89494b2f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ct%20interactive.74b20dbc3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-889"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623c95c0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/36775.2fa23c557.js

154.197.121.128

200 OK

7.8 kB

URL GET HTTP/2
1win-cdn.com/js/36775.2fa23c557.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (7992), with no line terminators
Size
7.8 kB (7758 bytes)
Hash
d412c319b5146f380cd050ddd6e7e0cd
8762e612189c6c1cae0560c13f95e4cef847726b
c7807f1026a4efccdd93155eaed94fd37833461e184e7f5f9eab5a3dc5277208

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/36775.2fa23c557.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-1e4e"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241354
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406221ed10b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/4theplayer.f89265cdd.svg

154.197.121.128

200 OK

4.2 kB

URL GET HTTP/2
1win-cdn.com/img/4theplayer.f89265cdd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.2 kB (4199 bytes)
Hash
5cb7cf2507e642be8dd905487dc5ab67
68ad93bac5948542dade50964d8384eb9bff3573
f5bc2b7e50f7ecad4b80ce6102973c2cba12fdbd502b64505788c6f82ba08b66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1968
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622bf980b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/atmosfera.32402e33f.svg

154.197.121.128

200 OK

9.0 kB

URL GET HTTP/2
1win-cdn.com/img/atmosfera.32402e33f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
9.0 kB (8973 bytes)
Hash
3ba4610ae40c2d70390afaa7cba36721
01eeff20113a096675d71c018a7f109c8e53da28
815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1968
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623285e0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/caleta.b1dc71f69.svg

154.197.121.128

200 OK

1.3 kB

URL GET HTTP/2
1win-cdn.com/img/caleta.b1dc71f69.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1304 bytes)
Hash
bbba19a0f7e2c3b02a8ca7d7c833eb63
5dd340d9cc4c395174865b155829f3054fb29275
96061a9a0bc3a990d16e91b8c52ca6436dfde7223b3e9741bee8a772f4559ccd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/caleta.b1dc71f69.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:19 GMT
etag: W/"661fde63-518"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623a9300b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/netgame.8e28ed366.svg

154.197.121.128

200 OK

2.9 kB

URL GET HTTP/2
1win-cdn.com/img/netgame.8e28ed366.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2917 bytes)
Hash
f7a27f15353cbc6d80464cb321e6f7cd
8e9d03da3c5f00a3a228b545cb8759e837059323
c7829189320f0892562d94639b839e69ab98bc4148e5827a634127bcc2ba9740

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7111
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624faf30b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

eu.i.posthog.com/decide/?v=3&ip=1&_=1713436694689&ver=1.126.0&compression=base64

3.125.75.228

200 OK

505 B

URL POST HTTP/2
eu.i.posthog.com/decide/?v=3&ip=1&_=1713436694689&ver=1.126.0&compression=base64
IP
3.125.75.228:443
ASN
#16509 AMAZON-02

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerAmazon
Subject*.i.posthog.com
Fingerprint99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67
ValidityMon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (549), with no line terminators
Size
505 B (505 bytes)
Hash
f6979cb8cba62aa7b6e613bd7f7a1d88
fbc60ed9ec74a637c060acdbe79cc56311520dc8
9f8fba1211d92ea0d3de72c4871b9990bf6a85465bfbd8eb4a13854096ed35a9

HTTP Headers

POST /decide/?v=3&ip=1&_=1713436694689&ver=1.126.0&compression=base64 HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 275
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: application/json
access-control-allow-origin: https://1wytvn.life
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
server: envoy
x-envoy-upstream-service-time: 31
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

1win-cdn.com/js/73650.ab885df75.js

154.197.121.128

200 OK

4.6 kB

URL GET HTTP/2
1win-cdn.com/js/73650.ab885df75.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4620), with no line terminators
Size
4.6 kB (4576 bytes)
Hash
979e0cacc7fa5c0e5de5712148598a1c
df5317fe291a165a5e1b94614e3015507b99c223
7bfc44d48b322c326b31c1928a902746d83e18ba7dd0c5cc3979f15e8bb5a19c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/73650.ab885df75.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-11e0"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241345
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406209d100b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gamzix.c753c377b.svg

154.197.121.128

200 OK

3.9 kB

URL GET HTTP/2
1win-cdn.com/img/gamzix.c753c377b.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.9 kB (3899 bytes)
Hash
c9bdfac4b8a9fec4171e1e4eaada52d9
e0ecf83a680f3cb4750ca30306d444bf25e8a890
a9f4f158614d42eb732421ef41983f0cbfe1f29e95101bd315d0b3d238f1d21d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamzix.c753c377b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-f3b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624aa7e0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/red%20tiger.157f419e2.svg

154.197.121.128

200 OK

15 kB

URL GET HTTP/2
1win-cdn.com/img/red%20tiger.157f419e2.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
15 kB (14736 bytes)
Hash
f0a8d4ae6c95b6d6b2b0bbbaa62aad9d
9ea188283d324f5c87a802c14ec3386167e7e2a8
4572ee67d26acf1ccb35decf47651e67464a7dc0a438d79c721b9ba739f14d2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406255b680b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/cashback.12a565952.svg

154.197.121.128

200 OK

2.1 kB

URL GET HTTP/2
1win-cdn.com/img/cashback.12a565952.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.1 kB (2129 bytes)
Hash
dec65694aea7fe3f90d83fe595dc7ecf
563946a4b82ac2f2f0207a2695103e1daf34ad43
8a583efa9fc057f298b82a2f153fd082a240f8bf5feb8cb394e0a76d19c507c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cashback.12a565952.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-851"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:38:14 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062b9c7d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/betgames.f9572e26f.svg

154.197.121.128

200 OK

3.1 kB

URL GET HTTP/2
1win-cdn.com/img/betgames.f9572e26f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3051 bytes)
Hash
22c1b0dd1e37b9c443eda963fe76d96e
7cdb9b3ec3c095dd657c2bc18489b00fc8f5f7fd
058002db89099b878d2fceffc78b9bdc47a5c5e990ebab7af3d1a9bac806a4f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betgames.f9572e26f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-beb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062368b90b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/958d5b62-c3d6-41b6-a351-d326f556d7f0.jpg@avif

188.114.97.1

200 OK

4.2 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/958d5b62-c3d6-41b6-a351-d326f556d7f0.jpg@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
4.2 kB (4245 bytes)
Hash
cec26927d375d9904ac3dceaf8d803fb
3463c88dbfa4bdd967966714ad52aadc07f0a155
5b221f9acc142e2409495c720ddc7e6c7266c891c1eef871a88366c009f66233

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/958d5b62-c3d6-41b6-a351-d326f556d7f0.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 4245
cache-control: public, max-age=31536000
content-disposition: inline; filename="958d5b62-c3d6-41b6-a351-d326f556d7f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MGM2YjJjLWEzNzUi"
expires: Fri, 19 Apr 2024 06:58:29 GMT
x-request-id: jIJYSjLoqoGwvN9wKnitL
cf-cache-status: HIT
age: 531585
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dS%2BgGc5VniX8y7QShOEpMWNAj4U1NTVY7sbKuKgR%2FukGyAjnclXVLbrCfsHmjhMqWklre97DXvNG2bV20Uv7bmlyqCR9xbygej%2B1hSD1yCuwP3mcR1EGadUUQC%2F2MbcxvnRBMnby%2BXA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062d1850569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/31310.c605a9b9f.js

154.197.121.128

200 OK

528 B

URL GET HTTP/2
1win-cdn.com/js/31310.c605a9b9f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (546), with no line terminators
Size
528 B (528 bytes)
Hash
819ea0d23f76434d7cf7bdad5c0dc71f
06f5a3c6cd80db3f5850633d2f868f55e7e92447
3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061f1b3d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/35004.f2354cf98.js

154.197.121.128

200 OK

23 kB

URL GET HTTP/2
1win-cdn.com/js/35004.f2354cf98.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
JavaScript source, ASCII text, with very long lines (23340), with no line terminators
Size
23 kB (23340 bytes)
Hash
440799cf0cd0e366ced388bd521b581c
a3a9b113dd83cebcc40b06d91e844e1fa28a249f
f861a31438a3a102068b510126db9703e696203c7aa027312910ea94c9772ddd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/35004.f2354cf98.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-5b2c"
expires: Sun, 16 Apr 2034 10:38:13 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1219154
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406271da20b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp

154.197.121.128

200 OK

40 kB

URL GET HTTP/2
1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Size
40 kB (39614 bytes)
Hash
14de8fd7c8de24bb9f6f89ddd3c2d480
9635193c712dafa2c58339dee09588880a96a980
633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/webp
content-length: 39614
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1971
expires: Thu, 18 Apr 2024 14:38:14 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062a8abc0b55-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/38209.ce0dbb534.js

154.197.121.128

200 OK

1.3 kB

URL GET HTTP/2
1win-cdn.com/js/38209.ce0dbb534.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1359), with no line terminators
Size
1.3 kB (1311 bytes)
Hash
8cac0a300131504f4cdf9de98e24c2bc
c76c49c15203750221970fefea15fe0352bb9978
a213d9451b50ae86bd8e75883092b22dedfcdc6ae2e26f5dd9c7de3d8957c16d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061efaf70b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/igrosoft.69f8e3ca4.svg

154.197.121.128

200 OK

1.3 kB

URL GET HTTP/2
1win-cdn.com/img/igrosoft.69f8e3ca4.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1280 bytes)
Hash
c193a82075a3318b6b01f6652548e025
008409af9a242969c8c0205fc8052d17b61410b3
71151a1f7c348dc26ab089351320dfd6cf0ccfe3c0019c475e0917c0f9b353f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/igrosoft.69f8e3ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-500"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624cab70b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

eu.i.posthog.com/i/v0/e/?ip=1&_=1713436695202&ver=1.126.0&compression=gzip-js

3.125.75.228

200 OK

15 B

URL POST HTTP/2
eu.i.posthog.com/i/v0/e/?ip=1&_=1713436695202&ver=1.126.0&compression=gzip-js
IP
3.125.75.228:443
ASN
#16509 AMAZON-02

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerAmazon
Subject*.i.posthog.com
Fingerprint99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67
ValidityMon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
15 B (15 bytes)
Hash
0e5f45e1f07c66593d640695360da703
d39b576f5b312e68ec85c6242605e555f728134c
5aad08d4950472abb6eefcabf4a0d86d2ccef9958f394f68c06d81db0e2b7149

HTTP Headers

POST /i/v0/e/?ip=1&_=1713436695202&ver=1.126.0&compression=gzip-js HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 980
Origin: https://1wytvn.life
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:15 GMT
content-type: application/json
content-length: 15
vary: origin, access-control-request-method, access-control-request-headers
access-control-allow-origin: https://1wytvn.life
access-control-allow-credentials: true
x-envoy-upstream-service-time: 75
server: envoy
X-Firefox-Spdy: h2

1win-cdn.com/img/boomerang.413a98511.svg

154.197.121.128

200 OK

36 kB

URL GET HTTP/2
1win-cdn.com/img/boomerang.413a98511.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
36 kB (35896 bytes)
Hash
d37b7a09c29c7e0179175433f4b9cff7
9c24e32b7e570cd294ee7400d7b6b96348a6a8f9
e9eaf42baf55a608a7663e6f63812bd1faf020d3d75d6c12ddec5ea4b945e53a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/boomerang.413a98511.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:19 GMT
etag: W/"661fde63-8c38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062399250b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/81774270-d852-43fc-9bde-098bb9976e0f.png@avif

188.114.97.1

200 OK

16 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/81774270-d852-43fc-9bde-098bb9976e0f.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
16 kB (16311 bytes)
Hash
eb82ec25605ebca981cc9b93ab1ae86c
b55d34a018caf29bb1557b1fc6158566739c1b2b
64186e8edfb8f2fe4772e10292a1f8977bc59192c9f48a1e6f43e530edac492f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/81774270-d852-43fc-9bde-098bb9976e0f.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 16311
cache-control: public, max-age=31536000
content-disposition: inline; filename="81774270-d852-43fc-9bde-098bb9976e0f.avif"
content-security-policy: script-src 'none'
etag: "aAW6VDAor011uV9XSvPmkLd6FEDbuXicemelEDsn6Hk/RIjY2MWU4YTgyLWQ5NzcwIg"
expires: Tue, 23 Apr 2024 14:31:42 GMT
x-request-id: p1psyxB2epZV693B_MwVO
cf-cache-status: HIT
age: 158792
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DnHSxynOgZp1w3vfpiiECGY%2BPaDD3VdglOTqyrBeixRXIpYFhyfoYkHi7StUBeXtyUORQxGbLunRSNhNtK8lu8lKqXpNX6lWQhTm8%2F0OUVzWpq03LzzTY7s%2BPmbG2MVaO78Sp44NfyA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062bde46569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/7c56964c-300a-4ad5-9898-b34eb4e0656e.png@avif

188.114.97.1

200 OK

6.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/7c56964c-300a-4ad5-9898-b34eb4e0656e.png@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
6.4 kB (6408 bytes)
Hash
f5f1523ce5532fe0aa4d9fab66e57784
f1eab9495f116a2da51e24a0619b0023d8706fc9
99707d8ff5741a00eab3b25b13469bd75afa4fe85b8271f5bb07b4a80ee57ad4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/7c56964c-300a-4ad5-9898-b34eb4e0656e.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 6408
cache-control: public, max-age=31536000
content-disposition: inline; filename="7c56964c-300a-4ad5-9898-b34eb4e0656e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0Y2ExYTBhLTNmZWM4Ig"
expires: Fri, 19 Apr 2024 09:17:22 GMT
x-request-id: GFhzapJECGaJk1CZRTWZc
cf-cache-status: HIT
age: 523252
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m%2FHQ8jmtTeo3xC17zFJmxvpqp%2Fqp0yb8T5eTs44hdKq%2F%2Fl7TnbvQA1G%2FANwpqjaSQ9KoCt5HvIExz45RF%2B7jmKYc8NWoPF4KGToV6IBQqvPOoTcl8U1scTH6g3Agk%2B1BxKKYu7fO4GQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062cbfc6569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/91217.fc8dbcaea.js

154.197.121.128

200 OK

828 B

URL GET HTTP/2
1win-cdn.com/js/91217.fc8dbcaea.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (846), with no line terminators
Size
828 B (828 bytes)
Hash
873b0a1f00b7e367ac6843a8b9e80deb
b9333e21da514f326abf81822702b8897c39fb48
647917f9f3afebc3e96f7512bdfa2faf4e3b02948b908fedc205a18a5aa4c76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061eda9f0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/zillion.c0e3dd6f0.svg

154.197.121.128

200 OK

684 B

URL GET HTTP/2
1win-cdn.com/img/zillion.c0e3dd6f0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
684 B (684 bytes)
Hash
d9e09ca4e933fc8dabb60c1335cb7cd6
37b3bb2ea200f88ae0f7c681547dfba6fcce1449
fb15bc779be9be33fbb41082ce8c6defe5cbeb6273b2a3cf620e40ef4416c177

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406264c850b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/flags/en.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/img/flags/en.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2222 bytes)
Hash
79e4258317717cae7d54221d403e28d4
85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a
0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061f2b450b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/lucky-jet.f927485da.svg

154.197.121.128

200 OK

4.0 kB

URL GET HTTP/2
1win-cdn.com/img/lucky-jet.f927485da.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.0 kB (3981 bytes)
Hash
46387a9ff4a17ec246107df243120bfb
f662dcb3e5629d8b9dcd169f73e31f95309bda40
b3cffaeaa51fa3689ab70d930776d565a90ab7caaaace2f1cac5f67cfc13205f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6991
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061fabdd0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-casino.fd47961dc.js

154.197.121.128

200 OK

91 kB

URL GET HTTP/2
1win-cdn.com/js/icons-pack-casino.fd47961dc.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
91 kB (91385 bytes)
Hash
caf103b3719cd36e18dd18439deac2fe
b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3
4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-casino.fd47961dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-164f9"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227717
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406226f4d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/46665.703cfe1de.js

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/js/46665.703cfe1de.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1042), with no line terminators
Size
1.0 kB (1022 bytes)
Hash
530c1fc3208b67ba84edf563465386ad
d2ae074df39f95da703f5a582a2dadec59962e2c
82df31a277f44a4f8045b7081e23b00003dcadb0f695354354559aaff26a392a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/46665.703cfe1de.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3fe"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227717
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622dfd40b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/relax.1a68769f8.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/relax.1a68769f8.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1407 bytes)
Hash
d29d9c49a3e8be4842246e8b658651b1
71129bcf41f71edffe3fb4db0b4ff2faf37bd536
67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406256b7e0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/emoji-slots.1c6e965b9-160.png

154.197.121.128

200 OK

7.8 kB

URL GET HTTP/2
1win-cdn.com/img/emoji-slots.1c6e965b9-160.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
PNG image data, 160 x 160, 8-bit colormap, non-interlaced
Size
7.8 kB (7806 bytes)
Hash
87325735734a61a6dcf78148f1eb9fef
934481694321a7c02aca3fc865355eb732f7d0cc
6f6332331617980bbe000550b8ec83e3ab48cc35a952ba512f7fac2b9dfae881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/emoji-slots.1c6e965b9-160.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/png
content-length: 7806
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8977
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620e288-2311"
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
cf-cache-status: HIT
age: 1963
expires: Thu, 18 Apr 2024 14:38:14 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062b9c730b55-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/24644.ff7d12e57.js

154.197.121.128

200 OK

581 B

URL GET HTTP/2
1win-cdn.com/js/24644.ff7d12e57.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (607), with no line terminators
Size
581 B (581 bytes)
Hash
feddc8a4c035a2c630a2ea463c915a47
1e8a0b66df3553d16f631fd69021d7f401829d1d
ad191c0ab92670b11a9de0f2eabf242cb7172027e9e7535b163efb40bc560318

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/24644.ff7d12e57.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-245"
expires: Sun, 16 Apr 2034 10:38:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1226125
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062fbbe40b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/91635.a2db5f817.js

154.197.121.128

200 OK

748 B

URL GET HTTP/2
1win-cdn.com/js/91635.a2db5f817.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (766), with no line terminators
Size
748 B (748 bytes)
Hash
74c5864ef446bbb00f9e7e1b39eff8f9
04696352def160b6c3536b2b11c4351f02f49780
348cacf24053c417315aaf1dd971cf88c758964beeb37725c7f683b90bb5e7d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061eeae50b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png

154.197.121.128

200 OK

5.3 kB

URL GET HTTP/2
1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
PNG image data, 120 x 97, 8-bit colormap, non-interlaced
Size
5.3 kB (5274 bytes)
Hash
911fa68d94dd3f2bc8ceff2671e87bdd
9bca43449cf32e95c62291a802cad6e6c4493025
9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde64-18d2"
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061ffc490b55-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/skywind.9cd4f870b.svg

154.197.121.128

200 OK

1.5 kB

URL GET HTTP/2
1win-cdn.com/img/skywind.9cd4f870b.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1507 bytes)
Hash
6133bd0ec680372c4b1478cca75bd999
852e07d884235f5b480657590f2cba1ce4d53d7f
6e09ca60ae8119229bdebf17f96b69ea481296cf4da7dbd9c2d27ee8111d30f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625abb20b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/72949.472bec630.js

154.197.121.128

200 OK

878 B

URL GET HTTP/2
1win-cdn.com/js/72949.472bec630.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (896), with no line terminators
Size
878 B (878 bytes)
Hash
2a8b1ec825923193cce2fdbf0877c80e
2b45f42fcceb6299adea8c36486860ee858e8750
b11c64f65e44dafabbcfe220e5985c08d995e5e0450f96d29d1ec245acda1cc7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/72949.472bec630.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-36e"
expires: Sun, 16 Apr 2034 10:38:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1219154
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062adb3b0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/28852.501b5fba6.js

154.197.121.128

200 OK

906 B

URL GET HTTP/2
1win-cdn.com/js/28852.501b5fba6.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (924), with no line terminators
Size
906 B (906 bytes)
Hash
f97751384d582a6e650b35ebe9d32479
e545afff49a2a354c28392833508fd88ebaa4875
1df0101a9f183c7133c49e126c64e4820760e5ab7d99895d0ee7e6d514810b9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061f1b2d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1spin4win.bb21057a4.svg

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/img/1spin4win.bb21057a4.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1242 bytes)
Hash
c7e582dcd4acb7d74e4065abbe28183e
d04183d1e1dc6665f54a667c7977b6c6a3672791
671ef5f707012d29c043164d157ca7028d371107dca629046657198f1f0173c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1spin4win.bb21057a4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-4da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1968
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406229f7b0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/playbro.9ed310f23.svg

154.197.121.128

200 OK

4.8 kB

URL GET HTTP/2
1win-cdn.com/img/playbro.9ed310f23.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.8 kB (4839 bytes)
Hash
221b773f0eb73aa28f7617e628f7fc2f
67e3b29f4a951351da5183dd7d6e083fbc991322
4ad7ef6a7e11897fa2b2830921fe86a3d878866c81c87d159f90732be0d30e9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406253b360b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/57652.297e4ecc2.js

154.197.121.128

200 OK

647 B

URL GET HTTP/2
1win-cdn.com/js/57652.297e4ecc2.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (667), with no line terminators
Size
647 B (647 bytes)
Hash
53d580c5f29a2a838b6595fa6ff0f0a3
ab60adb7207a806d271778effe677ed01dc144b0
d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227719
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061fcc080b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/endorphina.20b721ba6.svg

154.197.121.128

200 OK

7.1 kB

URL GET HTTP/2
1win-cdn.com/img/endorphina.20b721ba6.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
7.1 kB (7113 bytes)
Hash
a89aae2f962bcb01ecb8e3ddd113b797
706e09d5fa8312ec4cd3c7ca606ad19edca158d9
3a3f4f70b1c092a12634c8a8fbf3409fa001ee6d9a1eed7f0a3a5cfe5866dd6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6931
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062419d30b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/amusnet%20interactive.428b45c71.svg

154.197.121.128

200 OK

672 B

URL GET HTTP/2
1win-cdn.com/img/amusnet%20interactive.428b45c71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
672 B (672 bytes)
Hash
dd800d25fd1fc6956949e43d9997d38d
d2e3ced7d4ad91488dc8dde871b6651a01153f4a
8a010ef18c9d5777be9dbf363882bb9eadb3ded464fa63f0dd133e10a1bfef1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1968
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062318310b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bet2tech.41863da88.svg

154.197.121.128

200 OK

1.8 kB

URL GET HTTP/2
1win-cdn.com/img/bet2tech.41863da88.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1823 bytes)
Hash
37036b9327cf2f08f10c828a969255cc
110c9e121e3f79982f785db63213d01a94faf4b0
13efe39819f6ca0b2ae3ceba64c239738536fee39cd1d6a4a142079050975f2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640623589a0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/flags/no.svg

154.197.121.128

200 OK

326 B

URL GET HTTP/2
1win-cdn.com/img/flags/no.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
326 B (326 bytes)
Hash
8b888b132836f9bf2c915bb3904c6dd3
e356289b851fdef19c9e0b2af31acbf95d77b0f8
da80fbdaeba2338f9ff3e93db2f1653c03c3dffa0cf376eed372edc98e308f0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/no.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:15 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-146"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7102
expires: Thu, 18 Apr 2024 14:38:15 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062fbbf30b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/88971.a170f9f22.js

154.197.121.128

200 OK

529 B

URL GET HTTP/2
1win-cdn.com/js/88971.a170f9f22.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (547), with no line terminators
Size
529 B (529 bytes)
Hash
747fc30343cbabbbcd8246b2a4598ccc
9bf22fb112b065a447c3dc013d3e513f7814566d
7970a6d096e6162d9b534b3160178c89ea5aa9c041f6adf5294be76148e09780

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/88971.a170f9f22.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-211"
expires: Sun, 16 Apr 2034 10:38:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227721
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062b2be00b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/present-with-light.bd57fb068-151.png

154.197.121.128

200 OK

5.6 kB

URL GET HTTP/2
1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
PNG image data, 151 x 161, 8-bit colormap, non-interlaced
Size
5.6 kB (5600 bytes)
Hash
a804ad67f4add53f8c251c2ebc80469d
4108aeab2f7a7c3720885edeb445e6131a383a49
06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde64-1a4c"
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
cf-cache-status: HIT
age: 7110
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061efafb0b55-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/oryx.ddc50c514.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/oryx.ddc50c514.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1367 bytes)
Hash
be6fe09456c38389975b47be1d6e664c
aa63088e5bb8604d301bf747e760f3fbb47cca9d
f8822aadbf4cdec8d633d4b6e8e4928dde87a143cf57d6d9f018ffe50809f1b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406252b1e0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/apollo%20play.610da8846.svg

154.197.121.128

200 OK

5.5 kB

URL GET HTTP/2
1win-cdn.com/img/apollo%20play.610da8846.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
5.5 kB (5515 bytes)
Hash
50314c7ffb9d11a02d2c58c66e124e29
3ebfb6e02132e3281c64e7866a621fc9ff43678e
c6073fd4fbb0239b24f30fc4d2e90e2d34060adb4854b0b3eb34e5c0e363346d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/apollo%20play.610da8846.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-158b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1968
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062328340b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/20420.30b3c996e.js

154.197.121.128

200 OK

573 B

URL GET HTTP/2
1win-cdn.com/js/20420.30b3c996e.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (591), with no line terminators
Size
573 B (573 bytes)
Hash
41330d1d45db0c752d96abc28dbb0644
3e716caf3e130d706d19fff163b8fda8b91574eb
fbcbcecc2dd56e59b3e7ae495a64eafdbee9d493cd3b86ba0ebe14f75e031dc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/20420.30b3c996e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-23d"
expires: Sun, 16 Apr 2034 10:38:13 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1227718
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062368ba0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/100hp/4c01eac6-1ab0-479b-a083-5ae770bcaa93.jpg@avif

188.114.97.1

200 OK

5.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/100hp/4c01eac6-1ab0-479b-a083-5ae770bcaa93.jpg@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
5.4 kB (5410 bytes)
Hash
97df9a3fba74baaccb602d60b4da9de8
dbc803c86a3fa222df8d58dd43ecdff7ef2938de
e51f4dfc3ad47729e0f5a3e5fa6c9a03d4e6eaf03a9d353342420f47763f513e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/100hp/4c01eac6-1ab0-479b-a083-5ae770bcaa93.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 5410
cache-control: public, max-age=31536000
content-disposition: inline; filename="4c01eac6-1ab0-479b-a083-5ae770bcaa93.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZTIxNjkzLTEzMGI1Ig"
expires: Wed, 24 Apr 2024 18:14:49 GMT
x-request-id: IjJuTQ3phycvU4v458twJ
cf-cache-status: HIT
age: 59005
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CwQqUuXuXwD1DlEdP4BSppOq8r%2B4u%2FALsbFOGRwkSMDDzfPWgE0VRLjV5K%2FApqJjWQEjq5QJYoqFFgnYuEBIh%2FMLUUG6jjrmh2eHVOfXkXGYZ35L1E0dfyT%2FqGOSxejuLJc2DcTDSwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062d1840569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/max%20win%20gaming.00fa88483.svg

154.197.121.128

200 OK

763 B

URL GET HTTP/2
1win-cdn.com/img/max%20win%20gaming.00fa88483.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
763 B (763 bytes)
Hash
6887ef2393d55338db36ccf501d3b364
cada230cfe07fd9fda37cfde92abc048879815bf
9a8cda3aaf7794cfa521832e211f826e61a93bbe5c0105671dc790b6bed65732

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/max%20win%20gaming.00fa88483.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-2fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624fae90b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1win-normal.34748aac6.svg

154.197.121.128

200 OK

4.6 kB

URL GET HTTP/2
1win-cdn.com/img/1win-normal.34748aac6.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
4.6 kB (4641 bytes)
Hash
6a657a7851fa92f791304f1cdb123e9a
ae2def67a366ffe67578bf82e3c47b4f1966e784
8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6991
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061fabda0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/slotmill.c42ddd447.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/slotmill.c42ddd447.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (13075 bytes)
Hash
39d48e4b982998cd10417bd09dcc0afc
541c60c508d7777db2cd0e49c18cf32219532dd8
3e18df680be6da9246c3675408ec0e7e107891281a863ab9b6377832b44ee48f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/slotmill.c42ddd447.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-3313"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625abb40b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/42672.1d05742a3.js

154.197.121.128

200 OK

884 B

URL GET HTTP/2
1win-cdn.com/js/42672.1d05742a3.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (910), with no line terminators
Size
884 B (884 bytes)
Hash
84e9ef241ba6d064f080cf809baa8f8b
aa88381b3389d9ac5129099cac848b9068c5841f
0ee1a9bf53639249a9ff2b09acb4903f1bd7d4318e25612c0c88b1389af9125f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/42672.1d05742a3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-374"
expires: Sun, 16 Apr 2034 10:38:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1226126
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062fcc2f0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/playtech.cecac3222.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/playtech.cecac3222.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2560 bytes)
Hash
54cb545ad750e3e670cc7cfaed81c2d4
f808d9b539d13d64c4b405da4dca9b0db732b87e
2bcda89b73c859c34d62c330205d603cb247ae31b00e987f3c3bfaaa3ba2a64e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playtech.cecac3222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406254b430b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wytvn.life/firebase/8.1.1/firebase-messaging.js

190.115.24.78

200 OK

41 kB

URL GET HTTP/2
1wytvn.life/firebase/8.1.1/firebase-messaging.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerLet's Encrypt
Subject1wytvn.life
FingerprintA9:AA:3C:AC:93:FF:91:3E:55:61:68:A8:D6:9F:FF:CA:D5:F3:72:21
ValidityTue, 16 Apr 2024 09:15:26 GMT - Mon, 15 Jul 2024 09:15:25 GMT

File type
JavaScript source, ASCII text, with very long lines (40719)
Size
41 kB (40741 bytes)
Hash
450e8b32262706d42cfdd438c49208f5
31c7e4aac1d1303c1e83a0b591abc3501e278668
58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wytvn.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/casino/play/aviator]
Cookie: __ddg1_=UOkV9RkTrxoNWP2oBlGL; visit_domain=1wytvn.life; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef0c9-0c58-7f49-9681-ef71693e1143%22%2C%22%24sesid%22%3A%5B1713436691601%2C%22018ef0c9-0c91-7a05-8955-fac46a7c9f02%22%2C1713436691601%5D%7D; core-sticky=http://10.233.80.180:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiYjFlYjkwNy0zYzA4LTQ4NjQtODE1Yi01NzM3NzNjYzNiYzQlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEzNDM2NjkxNzUxJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMzQzNjY5MTc5MiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 21:24:50 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 134002
content-length: 10915
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

1win-cdn.com/css/36775.1ad325918.css

154.197.121.128

200 OK

17 kB

URL GET HTTP/2
1win-cdn.com/css/36775.1ad325918.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ASCII text, with very long lines (17189)
Size
17 kB (17190 bytes)
Hash
a162edb527bb9e6d038f1855f671f64e
87889c36f27ba672071917da093d77cf102552c1
6218cf0b4ffbe30eaf4c29aea6f45f94ecdea335fd358ba80d9badd6eedfcce3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/36775.1ad325918.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: text/css
last-modified: Mon, 08 Apr 2024 09:34:39 GMT
etag: W/"6613ba2f-4326"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 866242
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406221ec40b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg

154.197.121.128

200 OK

5.2 kB

URL GET HTTP/2
1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
5.2 kB (5179 bytes)
Hash
ee4b076249d3d52c42ca2f59e03cae25
d072a4002835fbd0279757a42bed97a398e7adf7
9eeb2fb4664558d20a84cd82fb347d73ef91975eb4a5c5ee274b16f3ebd9c495

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/electric%20elephant%20.dd56c804d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-143b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062419c80b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/mascot%20gaming.21cafbe70.svg

154.197.121.128

200 OK

5.2 kB

URL GET HTTP/2
1win-cdn.com/img/mascot%20gaming.21cafbe70.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
5.2 kB (5199 bytes)
Hash
692c90ac31385db12fe64a48ec01b77a
e9249716fcbdc6e0b75b798d0f37ed6942a045da
d0b041e1a396908bda558a5d224edb3cd80787d88910beb2fdb2dc4e5186045a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640624eae60b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/elbet.701d0b0cd.svg

154.197.121.128

200 OK

11 kB

URL GET HTTP/2
1win-cdn.com/img/elbet.701d0b0cd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
11 kB (10829 bytes)
Hash
bd34c45017a4b3fe3d0813abbe16f113
2177a96200b95aa21ece71bfcbeadd200904c279
2ac83316161088868fcb56ac9812110d94b73567efab5e25b7387089d1ba7624

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062409b50b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gameart.7beff0d18.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/gameart.7beff0d18.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2608 bytes)
Hash
0316280cc350cb02b448e29142cbc493
16182a01de1fe9f3918bdfff51002844776c1b08
be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406245a210b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/playson.2ff1c7d85.svg

154.197.121.128

200 OK

2.8 kB

URL GET HTTP/2
1win-cdn.com/img/playson.2ff1c7d85.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.8 kB (2789 bytes)
Hash
241ae7d1512148f38162202a1838bcf7
7937917d26b57052c052b0cce94f5d1697c8caa7
a6bbee3377db6138a13bd0bd2bc21f778d1f5744a38653efe4acb48d8078367e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406253b3e0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/9019.6eaa01ac4.js

154.197.121.128

200 OK

11 kB

URL GET HTTP/2
1win-cdn.com/js/9019.6eaa01ac4.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
JavaScript source, ASCII text, with very long lines (10570), with no line terminators
Size
11 kB (10570 bytes)
Hash
0b5f842702b9320c6bc016bc272af61b
185c09f2b20243d500af6149922e8f77e27dc905
abd67b9dc4642d4efda8a7f8a9aae62acbbc1a654202378a7af175d5806830f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/9019.6eaa01ac4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-294a"
expires: Sun, 16 Apr 2034 10:38:12 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241606
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061e7a0e0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/barbara%20bang.790acb7dc.svg

154.197.121.128

200 OK

27 kB

URL GET HTTP/2
1win-cdn.com/img/barbara%20bang.790acb7dc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
27 kB (26842 bytes)
Hash
287d95b42ce0b42532a5c8caff190779
6d6b4d0d17c558215c719336d124ba53a7118083
739c17db57dc727e751e65cf1d4aed12fb371a1e40060a3b22c92e630219e945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/barbara%20bang.790acb7dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-68da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5311
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062348810b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bf%20games.7559aed26.svg

154.197.121.128

200 OK

5.0 kB

URL GET HTTP/2
1win-cdn.com/img/bf%20games.7559aed26.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
5.0 kB (4994 bytes)
Hash
b94bb2811096b861bfbf8fbcd4de9149
17418a385bb399e79588ba1f6d3ee661c40197c5
c1f44795037017c6bfdb6b4e563a6c9323468cc8df433cfd871784dcf55472f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5311
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062368c00b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/56657.0f68ac264.css

154.197.121.128

200 OK

28 kB

URL GET HTTP/2
1win-cdn.com/css/56657.0f68ac264.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ASCII text, with very long lines (28379)
Size
28 kB (28380 bytes)
Hash
e75c0ab8027f42b820a9688da88c2fbc
0000148be7fb08acf84277d20b3cdef610eb89b5
1eac02249cd6697abecc7f19e18f5e698a88a6d59dbfab4a985106c79fa33fb4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/56657.0f68ac264.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-6edc"
expires: Sun, 16 Apr 2034 10:38:13 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1219154
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406271da40b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wytvn.life/casino/play/aviator]

190.115.24.78

200 OK

430 kB

URL User Request GET HTTP/2
1wytvn.life/casino/play/aviator]
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Certificate
IssuerLet's Encrypt
Subject1wytvn.life
FingerprintA9:AA:3C:AC:93:FF:91:3E:55:61:68:A8:D6:9F:FF:CA:D5:F3:72:21
ValidityTue, 16 Apr 2024 09:15:26 GMT - Mon, 15 Jul 2024 09:15:25 GMT

File type

Size
430 kB (429850 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino/play/aviator] HTTP/1.1
Host: 1wytvn.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=UOkV9RkTrxoNWP2oBlGL; Domain=.1wytvn.life; HttpOnly; Path=/; Expires=Fri, 18-Apr-2025 10:38:10 GMT
date: Thu, 18 Apr 2024 10:38:10 GMT
content-type: text/html; charset=utf-8
x-request-id: P4c8R8DMavgHtyyx
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wytvn.life
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/truelab.ec113fba7.svg

154.197.121.128

200 OK

2.0 kB

URL GET HTTP/2
1win-cdn.com/img/truelab.ec113fba7.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.0 kB (1968 bytes)
Hash
edd84be1aaadcb0b503864bea380f168
af4583fc1079d7d5e07cc6ca22b56f9eeaab7418
d73eced8792c2507b075c7a7a313f1e228700fda1108d4ab44d707b36b241e06

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/truelab.ec113fba7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-7b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406261c3d0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.164

200 OK

850 B

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06
ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT

File type
JavaScript source, ASCII text, with very long lines (850), with no line terminators
Size
850 B (850 bytes)
Hash
1613f25e7a73976f440bd3c174bc1dc3
ffa5be6619ae6109c6e412186e0f12b8d8a73cd9
091a7de491da06df67c869b9905c1d028eb2816e68360c0b5b7a4fa8ce590322

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Thu, 18 Apr 2024 10:38:15 GMT
date: Thu, 18 Apr 2024 10:38:15 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/js/11420.38ac09d66.js

154.197.121.128

200 OK

127 kB

URL GET HTTP/2
1win-cdn.com/js/11420.38ac09d66.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
127 kB (126658 bytes)
Hash
e17fa558b9dfe0726904ef1cbb1ee1cf
1ae17901c3c502bd950e6982aa6e75659d8c6305
f8bfbeb930700f2f81f72c38b1985cd949bd322145e15d05f9b815c9a7f4d7cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/11420.38ac09d66.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-1eec2"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241665
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640619fc2f0b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fugaso.1a40d61ad.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/fugaso.1a40d61ad.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2385 bytes)
Hash
fbe83afa72fe7a858d1fcd467a7e3acb
5dc85aabeac449d7287662a7b6ffe2936e447b84
21f646343e711bc51884ff1699ff6dc11de867dd10a58fee0ad946c197d46cc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406244a140b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spinomenal.e0cf93b3a.svg

154.197.121.128

200 OK

2.3 kB

URL GET HTTP/2
1win-cdn.com/img/spinomenal.e0cf93b3a.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.3 kB (2256 bytes)
Hash
cccb25968af8377b09aaabb6aac79736
84938c2eeb2043bd681550b012601b0b0a2395b0
59b22e2b3007555e659e3a56f1c622f3635e7e0a7f284ce7b9a56dfe5fde9e9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640625dbf40b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/55799.274042d04.js

154.197.121.128

200 OK

963 B

URL GET HTTP/2
1win-cdn.com/js/55799.274042d04.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (997), with no line terminators
Size
963 B (963 bytes)
Hash
59ff26620b4cc4390d3a1b9cef65fb9b
15b8840eca02d8e7c9c14f0724f3b85dc293c393
d705c5eabbb0529901637c67ca2726629160462ac3478eca3079c97d12dab565

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/55799.274042d04.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3c3"
expires: Sun, 16 Apr 2034 10:38:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1219154
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062acb320b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg

154.197.121.128

200 OK

9.0 kB

URL GET HTTP/2
1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
9.0 kB (9021 bytes)
Hash
ee7f334d83ac78ee94aa7cb499a7d252
acaf3f1ec2dd643c920f036bceed9922c4398d9a
eef20c5785f1ea1445bc5d54982011d999ae577a2d354eb7035465336ad1555b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:12 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1968
expires: Thu, 18 Apr 2024 14:38:12 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640622dfe00b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/63502.4eb6af9c6.css

154.197.121.128

200 OK

31 kB

URL GET HTTP/2
1win-cdn.com/css/63502.4eb6af9c6.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ASCII text, with very long lines (30983)
Size
31 kB (30984 bytes)
Hash
6ee7fb9f34be0610d1ffef917c28252d
9bed7b5c58551aad5befdde5f9d3469022cd8eab
85352ce0e488050fb6f1359aa068a02435863c495b8498bce4d5a3f7c1151405

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/63502.4eb6af9c6.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: text/css
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-7908"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5191
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640619fc360b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/ab5b40cf-dfe7-4f2f-b1fd-a97c604df0e1.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/ab5b40cf-dfe7-4f2f-b1fd-a97c604df0e1.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/ab5b40cf-dfe7-4f2f-b1fd-a97c604df0e1.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/100hp/cf172287-80af-4bda-b8db-d310d561a47e.jpg@avif

188.114.97.1

200 OK

5.5 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/100hp/cf172287-80af-4bda-b8db-d310d561a47e.jpg@avif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
ISO Media, AVIF Image
Size
5.5 kB (5513 bytes)
Hash
9aa474c87686a98d4070ecf8be43f3df
bd21e941c4f76ddb8d64e09612419cb89fb4c6e3
39df99bbb751d73eae0d74e58f3c1b136973765941b09e07d8d7ff0add1a2714

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/100hp/cf172287-80af-4bda-b8db-d310d561a47e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:14 GMT
content-type: image/avif
content-length: 5513
cache-control: public, max-age=31536000
content-disposition: inline; filename="cf172287-80af-4bda-b8db-d310d561a47e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM3ZjRmLTMwMGYyIg"
expires: Thu, 25 Apr 2024 10:38:14 GMT
x-request-id: oocaEvaKvOwqk7ZvLPqPZ
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GCItoanpmucDHs1pgcrJU3Rp%2F%2BzLqP2q%2BIaNJBRpJJpivckoo6HyolxZPuNUYbRfxVa0gK%2FRoEXnHSXfGH0gXxTNb2dQfih5BHQRLcIv3bPmd8DK5GWO5CQBnEyHaNAqeg1BOuQhrs8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062d183e569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/chunk-vendors.4518b2e7d.js

154.197.121.128

200 OK

231 kB

URL GET HTTP/2
1win-cdn.com/js/chunk-vendors.4518b2e7d.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
JavaScript source, ASCII text, with very long lines (36138)
Size
231 kB (230586 bytes)
Hash
c4b15f512b08aa602a53b6e6d8f7d674
60460221425a34a40643a5ffcc12e92f8cf7aaf3
03aee039311e09271504896f7eba4ef4940489c4ed416e84832ac8926e3c4139

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-vendors.4518b2e7d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:11 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-384ba"
expires: Sun, 16 Apr 2034 10:38:11 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 241665
set-cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg; path=/; expires=Thu, 18-Apr-24 11:08:11 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764061829c60b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg

154.197.121.128

200 OK

5.6 kB

URL GET HTTP/2
1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
5.6 kB (5609 bytes)
Hash
736482b909f3d90f4b87845b06343f95
05501f25bbd97642449a87b6113fbb3a2cf36f41
68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1969
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062378d80b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/evolution.acb5f3085.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
1win-cdn.com/img/evolution.acb5f3085.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wytvn.life/casino/play/aviator]
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2522 bytes)
Hash
a27852d0f8f77af9c6a274605b932984
415500832c34ac475d87411fa799dead414701b4
c162d16756ed886b03e4195178b00ea6d54baa3e71ce40f0dd46f3ebb3643e39

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/evolution.acb5f3085.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wytvn.life/
Cookie: __cf_bm=zBcHPqc7JY.PzkWWYkdZqEDQ3aGlYGeL4YoQ0W4dBes-1713436691-1.0.1.1-Z0r27f.KALqS7UKPTHvcuxeSPD.9Pm6_cQb_j5_yj7HBxIUXQNQkyqvfrrAPLALI98TK04RgtonH20J1O9tAWg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:13 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-9da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6992
expires: Thu, 18 Apr 2024 14:38:13 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764062429e90b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (88)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL