| 1wnvt.com/core-js/3.33.3/minified.js | 190.115.24.78 | | 74 kB |
URL: 1wnvt.com/core-js/3.33.3/minified.js
IP: 190.115.24.78:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (31999)
Hash (MD5): 38facf849f100d0fe6269a53a7bca451
Hash (SHA-1): 9bb69f981438d48b093bd1eb673885476b4932f0
Hash (SHA-256): ce68e1614ab493deaecfa6eb9711736de0348248e1d559b5f6dfb5dc4c29b459
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wnvt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __ddg1_=ye11PU1adN2X0p95qfj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 00:16:38 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 11:24:48 GMT
etag: W/"6638be00-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 68255
content-length: 74494
ddg-cache-status: HIT
X-Firefox-Spdy: h2
| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | | 33 kB |
URL: 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Hash (MD5): de175cbf569bb3ccf1f761c845cbd896
Hash (SHA-1): 8d93663b858bae157ba5fc40e1400177104d71bd
Hash (SHA-256): df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wnvt.com/
Origin: https://1wnvt.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-8128"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=k4YFCv.1qpa3PSDUFk8OBvubHRU_uwi8gqRfyCQJrds-1715109254-1.0.1.1-5dEWxD3YN6i1gpTwa9bYHwh_lE8KZ53FBpXTRanwSBUYCXrrn4v7bqSTSqpck4lmHPB6HjwAVZXJFiY.qL2lUA; path=/; expires=Tue, 07-May-24 19:44:14 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388257d0756b9-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | | 44 kB |
URL: 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Hash (MD5): 426f20bb65ea80d35f3f2a999d5d7d1e
Hash (SHA-1): 85f211a450f26d7f0822d718fc61085a506fa455
Hash (SHA-256): 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wnvt.com/
Origin: https://1wnvt.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-a9f8"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=Zjz7OnkgK9ZrMaL3SR69805K6DTx19zBRqse3_5OZoc-1715109254-1.0.1.1-RWPlN2Z2H1cijLUfsUgBrxSK1sOK3IuIfqurPU0AeYfGOQFIGKLFrPBm.Eg0lsjwjRlrEm3XXPb.8MzkUDbS8A; path=/; expires=Tue, 07-May-24 19:44:14 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388259d5256b9-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/63502.d79807f7c.js | 154.197.121.128 | 200 OK | 26 kB |
URL: GET HTTP/2 1win-cdn.com/js/63502.d79807f7c.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5): 12c67e0c372bb9fb9caa39dadb1e8576
Hash (SHA-1): b8d258eaba4572d74f81c8450a9e4d00a31eef1e
Hash (SHA-256): 899d3bbd41700541dc0a62ad7d5a5a7319d1ef5df1437b5a8c8ac66712f5b2cb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/63502.d79807f7c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-2103b"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 123387
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388279b14569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/desktop.9b5c75c67.js | 154.197.121.128 | | 49 kB |
URL: 1win-cdn.com/js/desktop.9b5c75c67.js
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hash (MD5): 6a58ce71be6e82e27f0f01e979094806
Hash (SHA-1): f01706335458ed85e49c19278d69a40419b71c4b
Hash (SHA-256): 8f2deab2328fbb7b1913d5ed18e20f7c6fd236f67eb87b5fb09ac311231f60ba
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.9b5c75c67.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-214fe"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 21063
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388274a55569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1wnvt.com/affiliate:link_visit?visit_domain=1wnvt.com&sub_ids=undefined | 190.115.24.78 | 200 OK | 4.1 kB |
URL: GET HTTP/2 1wnvt.com/affiliate:link_visit?visit_domain=1wnvt.com&sub_ids=undefined
IP: 190.115.24.78:443
Certificate issuer: Let's Encrypt
Certificate subject: 1wnvt.com
Certificate fingerprint: 4A:CE:8F:B4:90:55:2D:96:82:8C:A1:B5:49:2B:23:21:DA:1A:34:FB
Certificate validity: Sun, 05 May 2024 03:41:29 GMT - Sat, 03 Aug 2024 03:41:28 GMT
File type: gzip compressed data, from Unix
Hash (MD5): 9ceae755a63a5fb8757fef65302ef04a
Hash (SHA-1): 154926630a02913eec7f9a55a4cb824916ac31dc
Hash (SHA-256): fd896342276c1b68007828a3ce9dadf7134543e41980b057a6621a5133b4f35f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /affiliate:link_visit?visit_domain=1wnvt.com&sub_ids=undefined HTTP/1.1
Host: 1wnvt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wnvt.com/
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=ye11PU1adN2X0p95qfj3; visit_domain=1wnvt.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.108.128:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
| 1win-cdn.com/js/desktop.9b5c75c67.js | 154.197.121.128 | | 37 kB |
URL: 1win-cdn.com/js/desktop.9b5c75c67.js
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hash (MD5): ead5f48238ad0862bce431e01e02f20f
Hash (SHA-1): 97c3cb7154b444c791f7fd6b37e3616361d11aff
Hash (SHA-256): e0c2e5e70e83d8940839091f39e18055121d35d0b42e3dd78a37a3624849a9d2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.9b5c75c67.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-214fe"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 21063
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038827ab39569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wnvt.com&EIO=4&transport=websocket | 134.122.54.186 | | 0 B |
URL: 1win.direct/v4/socket.io/?Language=en&xorigin=1wnvt.com&EIO=4&transport=websocket
IP: 134.122.54.186:0
ASN: #14061 DIGITALOCEAN-ASN
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wnvt.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wnvt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zu+Aru5KuaSQS1UP8ygwIw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: lQwJQigJGhgo1pqQLT8nYZ9WP8M=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=c9d01fd0578533b0; Path=/; HttpOnly
Upgrade: websocket
| 1wnvt.com/img/logo/main/1win-normal.svg | 190.115.24.78 | | 63 kB |
URL: 1wnvt.com/img/logo/main/1win-normal.svg
IP: 190.115.24.78:0
File type: SVG Scalable Vector Graphics image
Hash (MD5): 0a5e2aff3499f587617337c0add83e72
Hash (SHA-1): c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4
Hash (SHA-256): a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wnvt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __ddg1_=ye11PU1adN2X0p95qfj3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 19:14:13 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
| 1wnvt.com/firebase/8.1.1/firebase-app.js | 190.115.24.78 | | 6.6 kB |
URL: 1wnvt.com/firebase/8.1.1/firebase-app.js
IP: 190.115.24.78:0
File type: JavaScript source, ASCII text, with very long lines (19927)
Hash (MD5): 5b9dcee25dd464bbf914b48e05e770c7
Hash (SHA-1): 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533
Hash (SHA-256): 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wnvt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __ddg1_=ye11PU1adN2X0p95qfj3; visit_domain=1wnvt.com; core-sticky=http://10.233.108.128:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI4NDE2YmEwOC1jNDIzLTRhNDEtODkzZS1hNzY2NDhmOGM1YmUlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTA5MjU0NjY5JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTEwOTI1NDcxNCUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 00:16:42 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 11:24:48 GMT
etag: W/"6638be00-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 68253
content-length: 6578
ddg-cache-status: HIT
X-Firefox-Spdy: h2
| 1wnvt.com/firebase/8.1.1/firebase-messaging.js | 190.115.24.78 | | 11 kB |
URL: 1wnvt.com/firebase/8.1.1/firebase-messaging.js
IP: 190.115.24.78:0
File type: JavaScript source, ASCII text, with very long lines (40719)
Hash (MD5): 450e8b32262706d42cfdd438c49208f5
Hash (SHA-1): 31c7e4aac1d1303c1e83a0b591abc3501e278668
Hash (SHA-256): 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wnvt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __ddg1_=ye11PU1adN2X0p95qfj3; visit_domain=1wnvt.com; core-sticky=http://10.233.108.128:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI4NDE2YmEwOC1jNDIzLTRhNDEtODkzZS1hNzY2NDhmOGM1YmUlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTA5MjU0NjY5JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTEwOTI1NDcxNCUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 00:16:42 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 11:24:48 GMT
etag: W/"6638be00-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 68253
content-length: 10915
ddg-cache-status: HIT
X-Firefox-Spdy: h2
| 1win-cdn.com/css/47729.aeb93cc08.css | 154.197.121.128 | 200 OK | 8.2 kB |
URL: GET HTTP/2 1win-cdn.com/css/47729.aeb93cc08.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5): 0f2774089113eca300bef08a5bd02475
Hash (SHA-1): b6f86bac9de7a529d8fe0318b2de0679ec664d16
Hash (SHA-256): f56f60b87b22986e8f2bf5f24939531f85a0eef41bf5f75046e3f59543166802
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/47729.aeb93cc08.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-2199"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 600341
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882d4dec569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.74.168 | | 106 kB |
URL: www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP: 142.250.74.168:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (50345)
Size: 106 kB (106454 bytes)
Hash (MD5): 72e8250d789ec4f4a72bf21a7f821fbf
Hash (SHA-1): b6defeb05d5087d757aa6c0db1de6da0bfa0740a
Hash (SHA-256): 4952c0d1dd9d89f014c264e507db7e1072e6849415fdaa303b80619fffbb7108
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 19:14:15 GMT
expires: Tue, 07 May 2024 19:14:15 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 18:55:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106454
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| www.google.com/recaptcha/api.js | 142.250.74.132 | 200 OK | 1.0 kB |
URL: GET HTTP/2 www.google.com/recaptcha/api.js
IP: 142.250.74.132:443
Certificate issuer: Google Trust Services LLC
Certificate subject: www.google.com
Certificate fingerprint: C6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
Certificate validity: Tue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
Hash (MD5): 55151cd8b6411cfa25c461d66cf2678d
Hash (SHA-1): c7b44a4aaaf7ee79f1166e8807e0feabbf87dddb
Hash (SHA-256): 838cb6cf59a8c7aa1543c95a9fc53355c194c6f29fd8b5fc48fc57b6eec95888
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Tue, 07 May 2024 19:14:15 GMT
date: Tue, 07 May 2024 19:14:15 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png | 154.197.121.128 | | 20 kB |
URL: 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: PNG image data, 600 x 295, 8-bit colormap, non-interlaced
Hash (MD5): b924bd42443557a1ef9d41f043ddf175
Hash (SHA-1): a9db601e2941557cba7e3e688390aa43e8411e2e
Hash (SHA-256): 8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-5414"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 894
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882f8a3d569a-OSL
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png | 172.67.181.254 | | 58 kB |
URL: imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png
IP: 172.67.181.254:0
File type: PNG image data, 363 x 429, 8-bit colormap, non-interlaced
Hash (MD5): f5c26decf32eb643468c81ea9dc51585
Hash (SHA-1): 32f26e84d2cc98f1f932ebba175eb9bb1cb18cfd
Hash (SHA-256): 05bc5fe29e1b5dd0da7faf912adab322dbf0297cb36d5efdb12d64aff4d98ac7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/png
content-length: 58091
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MzExOTVhLWNjOTki"
x-request-id: _aNjZdmyrajc8nPHTFr2D
cf-cache-status: HIT
age: 594621
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0Pvagsu4QKq7wPe%2FUlSF%2BkiEigdwcuIxrh3oDM4%2BY91KKI92nadarU%2Bh%2BVfi%2BKPcMeJOfzJkqEUpvWNagMMuGY5a2mWeErGhR9awbHA%2FCPKygYfm62BYMkPKTvEW0829JKF7Yru8ts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882fbde15693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png | 172.67.181.254 | 200 OK | 50 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png
IP: 172.67.181.254:443
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 362 x 429, 8-bit colormap, non-interlaced
Hash (MD5): b0b99e0a3f5f6fc44052e30eae903c63
Hash (SHA-1): 822d3283ea4b2e2dba9b7454a3cce37dd7b67d7a
Hash (SHA-256): e8a9883494dafb98df5bc26bae6e699673f4dcc1ee90aa8b5296f3ff88f66954
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/png
content-length: 49865
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MzExOTVhLWMyMGQi"
x-request-id: 9_ruTBS0Tkm7jz1RUzGRw
cf-cache-status: HIT
age: 594973
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7vv6TIQJAm7IOqIg1Hkl8V6BMNsF%2F4FzN%2F4aomDw6BvI2swYzQeznhRNiRBzVOKMEUbWqr4H44lXb9yw3aiBZveg8DmzjQsqVCn9ArKqp26bGtkJr3GuTLc%2FK4LM51Wh2caMbUfxuV4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882fbdf65693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png | 154.197.121.128 | | 5.3 kB |
URL: 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: PNG image data, 120 x 97, 8-bit colormap, non-interlaced
Hash (MD5): 911fa68d94dd3f2bc8ceff2671e87bdd
Hash (SHA-1): 9bca43449cf32e95c62291a802cad6e6c4493025
Hash (SHA-256): 9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a73fd-18d2"
last-modified: Tue, 07 May 2024 18:33:33 GMT
cf-cache-status: HIT
age: 1104
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388307be1569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png | 154.197.121.128 | | 3.9 kB |
URL: 1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hash (MD5): bd11730c197227300ae5e1b00b8cc637
Hash (SHA-1): c0e28cfb09642e9402f12f9c6677242ef671de33
Hash (SHA-256): 2868cadf19218572e4970158bb91602551898a040cac6fed88b1d98d77f1b649
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet-frame@2.52cde99d0-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/png
content-length: 3888
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4458
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-116a"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388309c2a569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png | 154.197.121.128 | | 16 kB |
URL: 1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 2018c59c5dccfaec96873d1ce9a60276 46ad94df758fdb9f0a257d99fcf52314cf5df926 b57379b1cd70db0d460ce31140e81eb78d3347ad6f7dd2cf9fe1c624d5e65439
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/png
content-length: 15901
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17269
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-4375"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038830ac3c569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/39061.47d3b467c.js | 154.197.121.128 | 200 OK | 45 kB |
URL: GET HTTP/2 1win-cdn.com/js/39061.47d3b467c.js
IP: 154.197.121.128:443
ASN: 328608 (Africa-on-Cloud-AS)
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): ee764fd8f7392b58b88442581f0cfca1 39dcc6c8632c149c92af7fa1f7483efd6a27eb52 1a9742fadbf942aa608d5bfc143af495d3ab8481eaa8efd6f76cb288e48fde1b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/39061.47d3b467c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-16929"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 381927
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882cdd51569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | | 9.8 kB |
URL: 1win-cdn.com/js/57652.297e4ecc2.js
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 8fde5bb2e88c0dfcea2ceebf895d0387 ac884dc94165b414a1b0e57da3131f1b51ab7ae0 08e3ec12c54b8b32e1ab407c39540b48f256e95730090a5dcff426d4cc456793
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 614089
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882f7a12569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/1279.7681fe15f.js | 154.197.121.128 | | 354 kB |
URL: 1win-cdn.com/js/1279.7681fe15f.js
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Size: 354 kB (354435 bytes)
Hashes (MD5, SHA-1, SHA-256): ce8a1faffd9a60e159bac96603d13460 d3be2a685f50a646bb6c0f9669776ffdd132614e 67d2d74d84b546b79a38d1b94494b367f3904319eeeb6cd0db11d91ff0dc5852
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 614089
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388306bb5569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | | 361 kB |
URL: 1win-cdn.com/js/90511.4bc374431.js
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Size: 361 kB (361334 bytes)
Hashes (MD5, SHA-1, SHA-256): 692b379eb7297103f69acb09ff975a5c 9945a4b7fcadb673a9d2838bf49d36ed8689f09e 2fec7179a960a60ec349e8faa686127c18e40cbab6b7778a6190585b211597e6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 600820
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882f7a15569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/37061.57ea53f4c.js | 154.197.121.128 | | 442 kB |
URL: 1win-cdn.com/js/37061.57ea53f4c.js
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Size: 442 kB (442209 bytes)
Hashes (MD5, SHA-1, SHA-256): 55276a80a8734be1d86cd87796508789 8eab8d14c8f98677370d728ef83b141a92b24519 fad9889e941ffc0c5e4eb3f84ec0e3703fc283fbfc2d3c251bbbaecd02507c2b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/37061.57ea53f4c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 16:49:25 GMT
etag: W/"662bdb15-6074"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 601243
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882ccd20569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/35967.a72ac7974.js | 154.197.121.128 | | 18 kB |
URL: 1win-cdn.com/js/35967.a72ac7974.js
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): cdd101f489261d8f47c335cb9f8c76ba 6e28d66f50bd3f5c0e66f85e97e8cdc2b3a822b0 543c0bf646a15fc3e87bb74180e0f06c5d12a5ba4de637300e9b46fba57dac79
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/35967.a72ac7974.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3be"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 601242
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388301b13569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/chunk-vendors.84f8d8042.js | 154.197.121.128 | 200 OK | 832 kB |
URL: GET HTTP/2 1win-cdn.com/js/chunk-vendors.84f8d8042.js
IP: 154.197.121.128:443
ASN: 328608 (Africa-on-Cloud-AS)
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 832 kB (831522 bytes)
Hashes (MD5, SHA-1, SHA-256): 5491eb2e7dd9dbaff0f47e45dd41d5b6 2368ad0ae4fa86cb3f62a29be697ba39a72b3f68 7062b788385b1812ff37a5eb3459270f1967ada812f8928e133e2fee12437b92
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-vendors.84f8d8042.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 11:30:31 GMT
etag: W/"662a3ed7-3bb32"
expires: Fri, 05 May 2034 19:14:13 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 601306
set-cookie: __cf_bm=5zepYtThYCJCKOAXHBSFKtl7YU3nQR_DyiyO53HZhAE-1715109253-1.0.1.1-2.k4hA2t4v1j3IZ3YuJo_CRxCqPw9i6CJKaf7ZyaARRfy0miyx.djbaYoOau.9BBtgP.xaYOtgjbhGnRdWNEpA; path=/; expires=Tue, 07-May-24 19:44:13 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388256ec2569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp | 154.197.121.128 | | 12 kB |
URL: 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 45df6c11399190f031e9db37f9f4e785 a8a641e38f707a584b72a5ad5c010e7bbcd7920c 121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/webp
content-length: 12264
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: "663a5087-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 138
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388320ecc569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | | 33 kB |
URL: 1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a73fd-9305"
last-modified: Tue, 07 May 2024 18:33:33 GMT
cf-cache-status: HIT
age: 136
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388320ecd569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png | 154.197.121.128 | | 35 kB |
URL: 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 232d05b165c6b0fc9695db490aa71f47 f04ccc74ebd190747114ceeb882d51db8e9268c6 9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-989a"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 136
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038832bfe6569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/91635.a2db5f817.js | 154.197.121.128 | | 9.1 kB |
URL: 1win-cdn.com/js/91635.a2db5f817.js
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): d0b3788035b059c95e1f7e304e7e6f2a e9eb35a269bb9f0c6946198f23e6b3e0a7adaa48 1c02a75e9445ee359d00d5997ca3a70ee46a2a0af2a8ddf2065bada5a4b61990
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 605596
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882e3fc7569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/flags/en.svg | 154.197.121.128 | | 6.1 kB |
URL: 1win-cdn.com/img/flags/en.svg
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): f86de4aa1bec4fceebc6527092277638 00f6acd29858b0d28a42e975a95d095ec52cb7a9 4d914ced09d9aa3eaf79e6040c114f8226d8eb1127b0447a2275392f73d076fe
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1117
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882f59dc569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/css/48357.321450720.css | 154.197.121.128 | | 6.9 kB |
URL: 1win-cdn.com/css/48357.321450720.css
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): fe2144a08e586009060c9117ac43859b f95da4d81c39091e4f4f81dfe3fc32d19a19ee15 1013b7043e64ca7e2a0a63355be7cbe167a9685a11603b2b933fbc83c5b27918
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/48357.321450720.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-4c23"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 611225
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882ced5d569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png | 154.197.121.128 | 200 OK | 1.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png
IP: 154.197.121.128:443
ASN: 328608 (Africa-on-Cloud-AS)
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 172 x 50, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 3ec6ec7d9016e953c300249c2af5704f e7b2ec568a2118a744cdd1fabe6fa8959c637532 135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 1857
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-7b8"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 1516
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038834bbcc569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/betraja.5cf6f15c0-75.png | 154.197.121.128 | | 1.1 kB |
URL: 1win-cdn.com/img/betraja.5cf6f15c0-75.png
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: PNG image data, 75 x 75, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 2840e342f235c6d7d76db654ff6a0edd 8f81dc2954a1e234394d7b284e02742730f25f37 2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 1054
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-496"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 4155
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038834bbc8569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/745.ca3fa56a5.js | 154.197.121.128 | 200 OK | 15 kB |
URL: GET HTTP/2 1win-cdn.com/js/745.ca3fa56a5.js
IP: 154.197.121.128:443
ASN: 328608 (Africa-on-Cloud-AS)
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 35f0718d492f04afca5a45b5920464de 20f0ecfbd90d25040b5b3e59acb10d7510faf4ea fe508f202cc2614349a41ba95f85824809b34f888f8539ec5b7e9599fd7d3174
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/745.ca3fa56a5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-5eb8"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 381927
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882d3de5569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.168 | | 92 kB |
URL: www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (5955)
Hashes (MD5, SHA-1, SHA-256): ca55c42c7aeff4a88b0fa0c7c263bdff ac46877b13c8a160d8d5aaa2bc95d519034f37ed c30d38cda918e8cdd2d914d56be3ca655a4f8fddef470e189d61a5c20c938de3
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 19:14:16 GMT
expires: Tue, 07 May 2024 19:14:16 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91540
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 87 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP: 142.250.74.168:443
Certificate issuer: Google Trust Services LLC
Certificate subject: *.google-analytics.com
Certificate fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
Certificate validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
Hashes (MD5, SHA-1, SHA-256): 881f199f0578771d0a66b91b1a3f47f4 58195be2f1b60b6d8caf1e1d7938ca312a6c9b7a fe1423fb864f7184dc171cedf6d6d7199a2f709a67708fba2a4ebd257b873e84
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 19:14:16 GMT
expires: Tue, 07 May 2024 19:14:16 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 18:35:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87449
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| 1win-cdn.com/js/48430.9af74daeb.js | 154.197.121.128 | | 75 kB |
URL: 1win-cdn.com/js/48430.9af74daeb.js
IP: 154.197.121.128:0
ASN: 328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): be9c97fa4ce408394bb10ffd4d1d4fa3 57ecdd59da3ca83fa9f2db6ebfdeff71967be324 24b35668df6c4757e732dd750a2dc93edd52ca68fc11ecd6f2f50cad4e7abfb0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 605596
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882e7833569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/nhl.9b1a4945d.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/nhl.9b1a4945d.svg
IP: 154.197.121.128:443
ASN: 328608 (Africa-on-Cloud-AS)
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): eb10d1e6095862041152fad7a618a9ba 6da970f215b48928a04e4a64307a45133ba7e6e8 6191ab987ada19a02cc26a786ab8ee0d2633a117b21acb03f6f31fe24783ef3c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/nhl.9b1a4945d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-1584"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1776
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038834ab99569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp | 154.197.121.128 | | 40 kB |
URL: 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp
IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes (MD5, SHA-1, SHA-256): 14de8fd7c8de24bb9f6f89ddd3c2d480 9635193c712dafa2c58339dee09588880a96a980 633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/webp
content-length: 39614
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: "663a5087-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4083
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388367f31569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | 154.197.121.128 | | 25 kB |
URL: 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp
IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: RIFF (little-endian) data, Web/P image
Hashes (MD5, SHA-1, SHA-256): 1f85b44a5305e8928fcae8922301d92a 7ecc0724a7560af7c4debc83014bab875eba685b 660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/webp
content-length: 25292
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: "663a5087-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4083
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388368f3d569a-OSL
X-Firefox-Spdy: h2
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.99 | | 206 kB |
URL: www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP: 142.250.74.99:0
File type: JavaScript source, ASCII text, with very long lines (631)
Size: 206 kB (205803 bytes)
Hashes (MD5, SHA-1, SHA-256): e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wnvt.com
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 13:33:10 GMT
expires: Wed, 07 May 2025 13:33:10 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 20466
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 1win-cdn.com/img/itf.9b1402c42.svg | 154.197.121.128 | | 1.8 kB |
URL: 1win-cdn.com/img/itf.9b1402c42.svg
IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 6d9e5474bc96d7dcdeb42178771014b7 a443b1a6768068417179524e03314a33281e9454 b1a27df07ba6d1dc45e5a8970a1acd437e0ea09aa277243586e270be01e5c85f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/itf.9b1402c42.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-af0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4095
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038834abaa569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1028977373.1715109257&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=2090714273 | 142.250.74.163 | | 42 B |
URL: www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1028977373.1715109257&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=2090714273
IP: 142.250.74.163:0
File type: GIF image data, version 89a, 1 x 1
Hashes (MD5, SHA-1, SHA-256): d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1028977373.1715109257&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=2090714273 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 19:14:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png | 172.67.181.254 | | 54 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png
IP: 172.67.181.254:0
File type: PNG image data, 420 x 312, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 55fed07cf1edc4f5b1876a0a2880e5fe d7d653085a98230d6ffc01f7f4bdcc4035574d59 eaf23ee9a1eb0f24a464fc184ecd0b34a2b57dc5d5c3b773bc2a503150e6da38
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/png
content-length: 53775
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: kWh-NKk8329mVK9k5vj5-
cf-cache-status: HIT
age: 4458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KlikIVfTDtCqcDvrHxn2TyGpjqP6RTjjbxFQcY1bxhj%2BdBDwZPFM%2Fb9pdzh3wVb5ZP21YHFyZZ3eP%2BSwJ451MVFJQwq7hFbD3Ixp%2F4eElx0mSbFzxnNNExjniuiB9%2BvSSJjgyhipNqs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388386dc15693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/js/32005.5701eb106.js | 154.197.121.128 | 200 OK | 3.6 kB |
URL: 1win-cdn.com/js/32005.5701eb106.js (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 84ead000c45ae92668c25dec6adf6fe8 043027de7b588fde65d977b7bae707025fd3c5f7 d19251375e94d467b55afb075c85240c963c6760ba572071b5f1742b8fb3fb52
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/32005.5701eb106.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-2428"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 21083
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882d0d87569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif | 172.67.181.254 | 200 OK | 6.3 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif (GET, HTTP/2)
IP: 172.67.181.254:443
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5, SHA-1, SHA-256): 049927e2f79d1b3f7c0db06be6378930 bc6a9c76a5027d6e63381bb7cf0ff70068d06792 8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: uf4G2aWnOYwTdyosxHGo1
cf-cache-status: HIT
age: 600476
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwCJTaA%2FeX9G%2F8pejV2M5I5ChyqwesfnP39kKmEjEOx0ddgxFlJhb07i%2Fh6KFGxxwgkenag88gF4DG6J0Iu5HmUjiMlyyJ2pBRsKT8Ysztxd%2Bgxuv0Zln7fGy5NnGn8sBkTuM%2Btw430%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038838ce655693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/spinomenal.e0cf93b3a.svg | 154.197.121.128 | | 6.2 kB |
URL: 1win-cdn.com/img/spinomenal.e0cf93b3a.svg
IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 1c04fb578ba629954f0ea41eab38bfd4 3d4199cb9ab33cfe08630425c6a7023afdc729ea 0353b1e053d8b2e7f6759d70cf31790096cd4af6cf2ee94866d476c1c5ab4435
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1875
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038838aab9569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/44101.cd5168bbb.js | 154.197.121.128 | 200 OK | 24 kB |
URL: 1win-cdn.com/js/44101.cd5168bbb.js (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 7623834d091eef37d22c4f455a8d0032 ed1e7edb3993087a09c4d034c22fcfaa1c92da06 e208add07e90430a46e1aaf01fece86bb9c113d6ad64a7c9ade1dc2587f9f4b7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/44101.cd5168bbb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-8119"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 109650
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882cdd37569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif | 172.67.181.254 | | 5.6 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif
IP: 172.67.181.254:0
Hashes (MD5, SHA-1, SHA-256): baf3f199ffdfb682bbcd9d3837e517c0 3803d7a122952937942ab92c0724af229c4f2dfe 2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
x-request-id: sqvHPCw8RSGhIoq_jQMf2
cf-cache-status: HIT
age: 10236
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7uSCWrHlcqvlwakMV7nhTqrEy3tYCDfDqwnGcgrDySGMrDQLvpqA34v8httLoKjbkIgLuFG0ID8Z3JQKpmvho7CFmokDEQU3MvwgRLzLX46FaIEit9DZiVE%2F57YNitBccMgk3GfUErc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038838ce685693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.118 | | 3.9 kB |
URL: d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png
IP: 143.204.42.118:0
File type: PNG image data, 124 x 48, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 3219393f1efd01cf2db20820dff57cf2 ebdbcf916084a0d5a70680021d269680e9f41d41 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3884
date: Tue, 07 May 2024 18:02:38 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: feyClL2AJ9lpoMhkCyJZ_mpUonL0nWOz27UkRjitMzNQiK73xf4d5w==
age: 4300
X-Firefox-Spdy: h2
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715109255143&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1028977373.1715109257&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1715109256&sct=1&seg=0&dl=https%3A%2F%2F1wnvt.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wnvt.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3719 | 216.239.32.36 | | 0 B |
URL: region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715109255143&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1028977373.1715109257&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1715109256&sct=1&seg=0&dl=https%3A%2F%2F1wnvt.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wnvt.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3719
IP: 216.239.32.36:0
Hashes (MD5, SHA-1, SHA-256; these are the digests of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715109255143&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1028977373.1715109257&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1715109256&sct=1&seg=0&dl=https%3A%2F%2F1wnvt.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wnvt.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3719 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wnvt.com
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wnvt.com
date: Tue, 07 May 2024 19:14:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif | 172.67.181.254 | | 7.4 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif
IP: 172.67.181.254:0
Hashes (MD5, SHA-1, SHA-256): 7d78a951d170034c2ce027bf5ea6c69f 56ffbce11b718eceeb70ad7ac12f28f44f3c8b93 8edab6a41bf81d3abcef43bc57b4c446cd3c493af6eb231409f7b0ecaaf56dfd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 7441
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjNhOTQ4LTI4YTY3Ig"
x-request-id: DqTBFz-huGT-LFs2ZsACa
cf-cache-status: HIT
age: 600477
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wKtuu7d%2B3qt0d3Ck0dDOrBTCl6PUZM9eIdDa2REtc5Pl4Ed8o5Dci9Y3r0Xypcw4GTVROAd1B%2BN22JOJk6Ii4TWTMiFMOCtYIyVvcfgXob7Jfsj6asZVLQ94Ww9QSGDyiV05hRuhCCE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840fd795693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif | 172.67.181.254 | | 3.3 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif
IP: 172.67.181.254:0
Hashes (MD5, SHA-1, SHA-256): b521bef6762ffadc98bae1073bc51102 d954bae917b2dbe88dd99f4861378026617c0051 5ea36ff6bcb73fe3cb477b259728a597be8b170546984eb824ec3582d1c6e207
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 3320
cache-control: public, max-age=31536000
content-disposition: inline; filename="6c924d76-6964-4196-b545-1cc5c1ce019e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NTIwNWFmLTEwNzYxIg"
x-request-id: xOqcr0pspglCrlGtEnLgs
cf-cache-status: HIT
age: 2129
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QwanCXjhSW7NXzwYfGAQH2rCetMGdIZPX0nqhHVVW%2FpxCk9ejcfAznxLszLrtLinjA4vVHN7DaH0TsQ%2BTDDqgduzReptdCwHD0R9Mjgrw1SeQKpEOKVLJREVEkbx%2FDCEsAHcQNnPyYk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388410d8f5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/silverback.297288e25.svg | 154.197.121.128 | | 24 kB |
URL: 1win-cdn.com/img/silverback.297288e25.svg
IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 5d564de4e73bf594192eb6173dbcf6f2 0ab7787eb5729df91656c27d16b62fb7b5263fa8 12d2fa75b599e4579065f9961d156556dd320eda92936ed5fb4240a579108894
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5722
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883ede6e569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif | 172.67.181.254 | 200 OK | 7.4 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif (GET, HTTP/2)
IP: 172.67.181.254:443
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5, SHA-1, SHA-256): 4841c7a15b396644ee7ba8554ffb5bf6 a2829093874a49809c29b2d4a186e1af8cea5153 1e8c5d052a6863b10764bb9391767143f9c6599b48d966322520927913fb3d9c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 7407
cache-control: public, max-age=31536000
content-disposition: inline; filename="7fdd4ca4-61a6-451c-9533-185b9f88a4da.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MDg1NWMyLTQ5ZTFmIg"
x-request-id: ayKlLuwlDWjGizyzfc3h7
cf-cache-status: HIT
age: 3821
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q9Gt%2FnxvxGUU7mn6Db%2BIAVG8q8CCF9o7DFDJyzqdxXJMQ7tkTi%2FiACO47H8KPcjN0ez2rLmNh6v9G9%2BDf%2F3%2BhTwP5WSqdYlAsQw0ktbst%2FNrunqEjssjCVAAVJgrP5FlI0ydyGEInIg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388411db45693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/relax.1a68769f8.svg | 154.197.121.128 | | 8.2 kB |
URL: 1win-cdn.com/img/relax.1a68769f8.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 87d3019a05869f01605142db21abcacc, SHA-1 d045aaa56f1927538c3cb76a99927dec9c3f8089, SHA-256 5042ed742856bb3a0451fdd095b7cf882a602b5328edd2509595c1c56e0754e6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5978
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883e7d73569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/slotmill.c42ddd447.svg | 154.197.121.128 | 200 OK | 15 kB |
URL: 1win-cdn.com/img/slotmill.c42ddd447.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: AS328608 (Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes: MD5 bc961c2a71deee68ea5d0fcdbece693b, SHA-1 9cf775f1c928183d77a196deff6e1255305dcacb, SHA-256 1e7f02f57db955c6b20bc812ee332ca950632e403a65a8dc8a06f68b1c8f6e92
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/slotmill.c42ddd447.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-3313"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 130
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883ede87569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | 172.67.181.254 | | 7.8 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif
IP: 172.67.181.254:0
Hashes: MD5 6a86c5bb3ff2902051c8a5b9212df604, SHA-1 4c871b9b1b0da3cb252977e3177d302cad6230fd, SHA-256 131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
x-request-id: soAn6Cv9FDG1lRMNVYG9M
cf-cache-status: HIT
age: 1888
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=klV8S2E5UXxx7xz%2BChQIiDdLKg8xJtYc4b3RqL9wsRJ6UMnggMPfP4GqtpefEzgaHu1otL5ZpAeK%2FoXSSew5SEs2PPZ%2FYnW%2FRxvIGjNfcCfroqvDCXaSEyU3pZvchIp19mC%2FxThA7%2FU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388413dee5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netent.95417a961.svg | 154.197.121.128 | | 8.8 kB |
URL: 1win-cdn.com/img/netent.95417a961.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 d8d0f2325b0266495861809506da4e61, SHA-1 00ed2da536667e512da29a60fa594f80405a8233, SHA-256 bc4c450637e3ad2474a0b3e95f05f0ff09cfb70a3d1862b3b52e68e66fdc28ef
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2306
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883e0c6e569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/nolimit%20city.5b7440267.svg | 154.197.121.128 | 200 OK | 7.8 kB |
URL: 1win-cdn.com/img/nolimit%20city.5b7440267.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: AS328608 (Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes: MD5 82656e7e33dc01731e57681312e71f85, SHA-1 2df25045ab461efeb126c2e03458fc966bdb2f58, SHA-256 d7d6ff3dca3f1aaf07d0b7cbabb7c8488fb80f99d2b50059a1ce41e4b9f88279
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5722
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883e1c79569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | | 11 kB |
URL: 1win-cdn.com/img/rubyplay.b4553f39e.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 ab9f78e262aeb4d395fd360fcf4ee810, SHA-1 e0c26ce76671bb8d96242b56a2c10f8c94770a52, SHA-256 8fa6c9720e61da28f98ee4fdf78919f2070136e3cc8e1d28aa34624d74e63f9d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4556
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883ebe00569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/reelplay.06dc7f4c0.svg | 154.197.121.128 | | 14 kB |
URL: 1win-cdn.com/img/reelplay.06dc7f4c0.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 33304d0dd32693775403d318fa58f9c2, SHA-1 236280bba2109f9df977960ba796d134513ab941, SHA-256 fa7c4c9f673537c1c13f8dc5407e39e368c24b0ef2f9cbe8f8895148ad92d2a0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5722
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883e7d72569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netgame.8e28ed366.svg | 154.197.121.128 | | 11 kB |
URL: 1win-cdn.com/img/netgame.8e28ed366.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 eadc3d1068b86ac055f18b8bd4da6b2e, SHA-1 7743337554889a03a8b3594c3dcfbfa609ca8db7, SHA-256 a77df0ac6588dc5e27ba46357bc99d566896276579b1e5ae246a03d2f54ad69e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4556
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883e1c76569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@png | 172.67.181.254 | 200 OK | 59 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@png (GET, HTTP/2)
IP: 172.67.181.254:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hashes: MD5 b0f06d0ef7268647da7e3b6750967c5b, SHA-1 1431e1d9cae2f096ba933a8a4156d258fe8fd929, SHA-256 d23444774528888037ab7cf3212e16ba23894f1a71597982eb382413ad752140
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/png
content-length: 59016
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1ZGRmMGJkLTRkZmFlIg"
x-request-id: Q5uvSd88DPJPJGCS8pDXy
cf-cache-status: HIT
age: 596243
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LFuhGMH9BdQx8ihU9uZXn6%2FDSgCq%2Flv3sIbcM8iz7Q78cSRkYbm%2FEwLOJAku%2Fl1tzLu4TtbFbjTXikoELCSmREm3SOA22xvYILT9LTDReTqT0Z2dlwxUXBJADvN7Gn%2BFFV0%2FkpJ6r5k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038842b8655693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif | 172.67.181.254 | 200 OK | 5.0 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif (GET, HTTP/2)
IP: 172.67.181.254:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes: MD5 4ed163b7295ee97d380351dd868d4216, SHA-1 6987db5ad9f1b684e98e657aacb7dd38706e6a34, SHA-256 f612299c5c7d80db2a40298d6efbcce5aa740cbf02b0bfad807a91a60a11f606
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 4967
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGRmMGJkLTRkZmFlIg"
x-request-id: tIWim6rSgFENbirgZB3aQ
cf-cache-status: HIT
age: 6435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c5TvMYMYU2PDpqZHXr2eR%2BIg%2F8ZEAfQ1kfii44m0djJv%2BiIIt9A7arNlIzRIOykqL0Ov1TyWgD3wB7yPKVyZ6UQ%2BeWkhhhuaK3jlADRegknI%2FxRrOJAnOKX9AuGzVuMC3mHtH9JUXCI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803884329665693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@png | 172.67.181.254 | 200 OK | 5.0 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@png (GET, HTTP/2)
IP: 172.67.181.254:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes: MD5 3c7a3851260b12a9627faa9016f3ce1f, SHA-1 9df4442c906d9741c13ef21ed9eefb5f99d044c5, SHA-256 8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/png
content-length: 71379
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6a15f20-ce33-4ddc-9763-e38986fcdb2c.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MGMxZWU2LTNlZDNkIg"
x-request-id: ujA2cNL94Yxz0sc7Tk5LH
cf-cache-status: HIT
age: 5234
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eCmnxevrhG1rykGkVLBRHRUycdjKBDZNfMbBwvA06DJH%2FldAQgdKqrlHk%2BiWytHDf8EVtcqINxToXuXd%2FlU%2BJMu9%2FK0%2FsA587i3tdTxn8ukSWr1RlYwI%2Bevqg2%2B2lHFnbCTjR0LRrDU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038842b86b5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif | 172.67.181.254 | | 8.2 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif
IP: 172.67.181.254:0
Hashes: MD5 4690a4b61d201902c45336db8106dff9, SHA-1 939591a5793aa03ab3071614e332b2b9d25e4c27, SHA-256 26f706b40a0dfebff8f896074f248c0dd60d2ce1372c3d23bf8bc14c862fe976
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 8152
cache-control: public, max-age=31536000
content-disposition: inline; filename="cf957920-b419-48fc-9770-c04187b3098d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY5ODg1LTFmOWIzIg"
x-request-id: CuQxJIWN1LOaM0eYxzpAe
cf-cache-status: HIT
age: 780
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2BWg%2BnSU%2Far3k0SjbJecaSl2QMxdkMNYZrhfho0%2F1rkp5y4JCGKFLd20GHScvUYgBN4oYLs7vtEoCvXY5spGsaqRhOFnIb6QLBOaohaucyVf6EZ0jXNjwSB0cPfp5bUirH%2FtFGA5S2A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803884339715693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | 154.197.121.128 | | 13 kB |
URL: 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 503ddec4b13dce0f094e3ba6820f477d, SHA-1 eacf2539e4dbda547ca10653c631b002a96b7a5f, SHA-256 6d4daf9e97159f68ae98c5e91d7f6b39c348f48644ff52dda87565f120280ee6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4163
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883bafc8569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/skywind.9cd4f870b.svg | 154.197.121.128 | | 12 kB |
URL: 1win-cdn.com/img/skywind.9cd4f870b.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 ba9290a5f4c8260c3dd68c2cf341937d, SHA-1 53bfcb39bbeea43a305226d46423f7f3eb194b51, SHA-256 f6f5cd9518bba1dc6c822dd5979cb3f4632f1b4b93410e6e3e48198663fdd4d4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1876
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883ede84569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/ru.svg | 154.197.121.128 | | 4.9 kB |
URL: 1win-cdn.com/img/flags/ru.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 1b7832b02bfa04d9d1812b184a58f8cb, SHA-1 bc1460b2f359a5a162b039fce6d0c25bb65d11dc, SHA-256 c9b83dbe4582536a4644315d850a54bfcab59ecf798d6f55e455a7157ec52c44
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/ru.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-110"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4762
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038842ae6c569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderkick.6962312e1.svg | 154.197.121.128 | | 6.4 kB |
URL: 1win-cdn.com/img/thunderkick.6962312e1.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 3a24ccb2c810ef397be5f48ba85760f4, SHA-1 b1a45289f0ff6ea5e42efaa537e04547af1f93e4, SHA-256 da850ec9226dfbf9f1428813f3fe95eb01ab6eae50e18e47ab1eb315ccff90f6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 256
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883fa844569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/100hp%20gaming.8352a77d8.svg | 154.197.121.128 | | 11 kB |
URL: 1win-cdn.com/img/100hp%20gaming.8352a77d8.svg
IP: 154.197.121.128:0 | ASN: AS328608 (Africa-on-Cloud-AS)
File type: gzip compressed data, from Unix
Hashes: MD5 add3d312d935e7d5aa442ec1a500ba8f, SHA-1 d5837813638b055cd2779b87832529d9d01e6cdb, SHA-256 0a0535f07214e92bd0e35c8bf8d51ee759fe7decb4978019872f90fbfde216b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4556
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883ade3f569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif | 172.67.181.254 | 200 OK | 7.5 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif (GET, HTTP/2)
IP: 172.67.181.254:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes: MD5 91cb93c7b3bcfdaf5be22dd889c68647, SHA-1 20c0af4b44bfe11283e15f237fa8c762a10d4711, SHA-256 c8a4e944374127623a31b75cec94c6b6d3509cb961f03169774cd8d725b0cb4a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 7460
cache-control: public, max-age=31536000
content-disposition: inline; filename="728d6758-6f50-4b1b-8132-2430ff7e0aa6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NzQ2ZGJmLWRhZDki"
x-request-id: nlnrqp76oKsPxZfPgQlZm
cf-cache-status: HIT
age: 600477
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bjEwIysDLvKpE0N42FhDdCUi3yINuqGu5BRH2mwQw1YQRXmK%2FR%2Fb91Y499UN1xJ6lYkepr8zbmIrMHm9%2Bojc52RTzR9w3oJAm2gCuPgdNEU72s7PvZGy1LCHoRsVKxkeYG%2FWDAvbK4I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038843396f5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amatic.1ad22f1f0.svg | 154.197.121.128 | 200 OK | 9.7 kB |
URL: 1win-cdn.com/img/amatic.1ad22f1f0.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: AS328608 (Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes: MD5 90598e33652c4b1c1fd8786d2dd81da0, SHA-1 a1af7ec90e6c38a9a4ca13b22868534692cb2f0e, SHA-256 d9109ba40299b83ef395f885f503226de53ed4eafad7f72d65cfc2565d21c43b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883b8f7c569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif | 172.67.181.254 | | 9.4 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif
IP: 172.67.181.254:0
Hash (MD5 / SHA-1 / SHA-256): 7eb2cba4654091d306b65c6fe0a8f631 e1a4eecb3f5db01aa2774cf811e3c2cda95f426b ffd6b30a5e9e4e68ea1f492d19ba67578359d3a390dd90ea295cbc4bd81827d9
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 9433
cache-control: public, max-age=31536000
content-disposition: inline; filename="57228a66-bd62-4072-a80c-3bef549a758c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY4Mzc0LTI1MTcxIg"
x-request-id: Y_S_l8ymuWqEP5rYiQsvA
cf-cache-status: HIT
age: 10268
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0GasGOFEfwoYCvylLVVYC6vcDqOKp4BrnzhiDGzQShXyaAjCAMYnk5HYzu%2BILl3ME666ogFOfSk3O18zkM71vj1nx%2FsIHSlqzc9bcjNfZU8bP1yvNdXiBYTygcp3cMB9NTF6TudIdw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803884339895693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/salsa.8d18d113d.svg | 154.197.121.128 | | 7.9 kB |
URL: 1win-cdn.com/img/salsa.8d18d113d.svg
IP: 154.197.121.128:0; ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): c6edefbd14f02376c9bfd71028a15541 0584e2159d884db96af4a12d29a7addd416436b4 5b2f986e26af768ed825ed9ec51a3aede27ee85f132c4b75d455360c0f4b777b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/salsa.8d18d113d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-1187"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 130
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883ece5e569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715109255143&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1028977373.1715109257&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1715109256&sct=1&seg=0&dl=https%3A%2F%2F1wnvt.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wnvt.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wnvt.com&tfd=8730 | 216.239.32.36 | | 0 B |
URL: region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715109255143&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1028977373.1715109257&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1715109256&sct=1&seg=0&dl=https%3A%2F%2F1wnvt.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wnvt.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wnvt.com&tfd=8730
IP: 216.239.32.36:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715109255143&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1028977373.1715109257&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1715109256&sct=1&seg=0&dl=https%3A%2F%2F1wnvt.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wnvt.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wnvt.com&tfd=8730 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wnvt.com
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1wnvt.com
date: Tue, 07 May 2024 19:14:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg | 154.197.121.128 | | 12 kB |
URL: 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg
IP: 154.197.121.128:0; ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): fc20c2fa8fafbea969eb2d35735e1f7f be65ad85e06a10a0d9ccd5d792fceb536dcb0520 20127c8d89b9f59ce98e112aa766516b174ad402a87fdbf95121d966e343b363
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 130
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883efece569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/retrogames.bb592a878.svg | 154.197.121.128 | 200 OK | 8.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/retrogames.bb592a878.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 4772e53248eaa68bd05654647099555f af8b8239e28a0657058e8d206d5181748a65a1ea 3112cf4eb18f2ca6e91e2dadfb4c19bda879d390b8abd25534964f4220aa7bb1
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2307
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883e7d75569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0; ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash (MD5 / SHA-1 / SHA-256): 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=A2oxGabm51qqJnoaxQ7xHszxrgxY1-a8gGQ2sqMm6J3-BCMfhqfBapgZwZBv68c4SEdFvhRExoU4z3XsjDz877bAUA9ybJ2UQo6c8gtykyERvUzY0-ZxuneJv4St9VLi
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Tue, 07 May 2024 19:12:35 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 117
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
| 1win-cdn.com/img/revolver.25aaacada.svg | 154.197.121.128 | | 6.8 kB |
URL: 1win-cdn.com/img/revolver.25aaacada.svg
IP: 154.197.121.128:0; ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 870cea220ceb11881d9099b2166fbeb5 d79aecef7b7abb04dc06d643f5c0292c85406b5d 53eca31821ca3ac26fb01c68547914ac4637c1f4db140dc91e59fd8c368199a5
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 130
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883e7d76569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/bonus.75b0226c8-1320.webp | 154.197.121.128 | | 48 kB |
URL: 1win-cdn.com/img/bonus.75b0226c8-1320.webp
IP: 154.197.121.128:0; ASN: #328608 Africa-on-Cloud-AS
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 8c760c7064f0128ae142377fd17b2a06 edfcaffb6cd42075bfecedd2153fd44764d69df7 32161eece0cfdf13f56657eae013b7c465da15413d352eb0eca7ad536808750c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/bonus.75b0226c8-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:35 GMT
content-type: image/webp
content-length: 47824
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-bad0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: EXPIRED
expires: Tue, 07 May 2024 23:14:35 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388a93acf569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/wazdan.1cf2cebcc.svg | 154.197.121.128 | 200 OK | 49 kB |
URL: GET HTTP/2 1win-cdn.com/img/wazdan.1cf2cebcc.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 24c7b7ee9ac017f25f4f62da0dae01eb 1469c485c47722daffe2217c0c489aac0f32e74f 4bafb3b96b510f52ebacb1c489e3b5abf7f44d7823ec87ae8965aad6bb8a6ced
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2308
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883fe8c2569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/jetx.64787fc5c.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 0046061bb77d38094cc0f71b7371d406 1fd7894d0117251f1eeec1a343b85532d7864a05 bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5092
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882f69f4569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/bombay%20live.ab678ab94.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/bombay%20live.ab678ab94.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 291aed0c4eee33d7354cb7440283934c ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d6b10569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/leap.f4cfad944.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/leap.f4cfad944.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 9129fc106fce1317a16bb3acbd708de8 64dead6ad9646ce68218ae82cf9d369811d3b88d 993824f1fe4aa4c5c4132998d9b0a11fb719a92494f86e32d015a980473a59af
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/leap.f4cfad944.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 130
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883dec23569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif | 172.67.181.254 | 200 OK | 6.5 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif
IP: 172.67.181.254:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash (MD5 / SHA-1 / SHA-256): 6eb918cc26ed4d4b3f96d5b031ebdd69 aca2ee56704a569aa16df44cd5420c8bfb31c6f1 3fba98236326ef72ca6967cc5e0f6ccd4f0f8cce5d06df23e1cbd78713ada4e9
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/avif
content-length: 6537
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2M2EyOWUyLWNjOTki"
x-request-id: Rvzg_t1LM6_b7wss0rpv6
cf-cache-status: HIT
age: 10235
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DFjWp0g%2FIOKs%2Fkdx4EH0dgw2P7RGL834lCqznat1ayOW2l0M5HevAtfBQOf6WUrfJg2PKwKfR0ZUq5qiRhllGy%2BM3YikJw2pTrzacYOeoUQll8vKNC6hXXYaOPJLnwrQZh74lHTsX6s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038832bafd5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif | 172.67.181.254 | 200 OK | 5.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif
IP: 172.67.181.254:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash (MD5 / SHA-1 / SHA-256): 9d19a8ee72d8c48af25fdc64baaa1377 845b03e70fa87c6cd8025abe3c257117e0d88bb6 02a25486cea99e7a7cbc3a72ed94b5466705f26440184d1a2f2f5ebff6695ce3
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 5859
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5OTI1LTMwMWYwIg"
x-request-id: Gtd2gR3NIUujjGjkA0lEY
cf-cache-status: HIT
age: 600477
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iSAEirpoMUUQ4V4XozNxiQgP1S%2FeGV6CeMVbwcv1lpzKEWxCi%2BYIStaTBtS1quCHaDRbhR2twkbzOR%2BKTXajY71jtvxPSsUpk6dM9P%2F3QXn76jIozZTzwBwxjVxJD%2Bpwobe6RPvp1cY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388411dad5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/js/31310.c605a9b9f.js | 154.197.121.128 | 200 OK | 528 B |
URL: GET HTTP/2 1win-cdn.com/js/31310.c605a9b9f.js
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (546), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 819ea0d23f76434d7cf7bdad5c0dc71f 06f5a3c6cd80db3f5850633d2f868f55e7e92447 3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 614089
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882f59d7569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): ee4b076249d3d52c42ca2f59e03cae25 d072a4002835fbd0279757a42bed97a398e7adf7 9eeb2fb4664558d20a84cd82fb347d73ef91975eb4a5c5ee274b16f3ebd9c495
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/electric%20elephant%20.dd56c804d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-143b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d9b7b569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif | 172.67.181.254 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif
IP: 172.67.181.254:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash (MD5 / SHA-1 / SHA-256): a301711d2f250aac2cf9a7b842d5639e f64334b263231df3e7505d31d155e4277e8337db c44c30f8bb76dda1f98ed40d6aa5eb9e0b906618ba0ef88033c315b926d51668
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmQ1ZTBlLTRmM2ViIg"
x-request-id: BJABdYmHfcvdKcjvabDcx
cf-cache-status: HIT
age: 6435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4swKsbrVhq0Ru52TIQzj34fPIze8zoEdrC3rMdySK3jH2DqCyRFMaGYyLweL1quaNcE6Vj7DUhIt1fnH4rjtQfzyKazpKi4dZ%2B3qTNU7ucTvhwi1YGdqTW%2FcXlOvIGrqlKyDx4KqOZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388412dbc5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/fifa.604717ea7.svg | 154.197.121.128 | 200 OK | 924 B |
URL: GET HTTP/2 1win-cdn.com/img/fifa.604717ea7.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 27cf15a53b2412f9ed5eed8d31e3e42c, SHA-1 7e36a8980f616c440e2be62e539ea1dbd932f668, SHA-256 da435f1ef957744b70f4ce88d8463e883b23601054fc39e53c31a80536ec590f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/fifa.604717ea7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4095
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038834abb1569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/fugaso.1a40d61ad.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/fugaso.1a40d61ad.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 fbe83afa72fe7a858d1fcd467a7e3acb, SHA-1 5dc85aabeac449d7287662a7b6ffe2936e447b84, SHA-256 21f646343e711bc51884ff1699ff6dc11de867dd10a58fee0ad946c197d46cc0
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4554
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883dbbae569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@png
IP: 0.0.0.0:0
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
| 1win-cdn.com/img/bf%20games.7559aed26.svg | 154.197.121.128 | 200 OK | 5.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/bf%20games.7559aed26.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 b94bb2811096b861bfbf8fbcd4de9149, SHA-1 17418a385bb399e79588ba1f6d3ee661c40197c5, SHA-256 c1f44795037017c6bfdb6b4e563a6c9323468cc8df433cfd871784dcf55472f1
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4556
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883cb9de569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/ezugi.a9c66babd.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/ezugi.a9c66babd.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 329b99ccd51d8cd3e1a5c8a1b83a84eb, SHA-1 ad907259ddfcffb089829ad24a4411ff1cd4b1c0, SHA-256 96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3735
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883dab9d569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/4theplayer.f89265cdd.svg | 154.197.121.128 | 200 OK | 4.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/4theplayer.f89265cdd.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 5cb7cf2507e642be8dd905487dc5ab67, SHA-1 68ad93bac5948542dade50964d8384eb9bff3573, SHA-256 f5bc2b7e50f7ecad4b80ce6102973c2cba12fdbd502b64505788c6f82ba08b66
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883b3ed6569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/playson.2ff1c7d85.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/playson.2ff1c7d85.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 241ae7d1512148f38162202a1838bcf7, SHA-1 7937917d26b57052c052b0cce94f5d1697c8caa7, SHA-256 a6bbee3377db6138a13bd0bd2bc21f778d1f5744a38653efe4acb48d8078367e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5721
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883e4ced569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/57552.ee60d28a1.js | 154.197.121.128 | 200 OK | 75 kB |
URL: GET HTTP/2 1win-cdn.com/js/57552.ee60d28a1.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 3640868f35b73089eee8ce1f80955ad1, SHA-1 80e813108a8b082c210e8139451264d1e45bf4be, SHA-256 a1f29c8068358d69428bf58353a89d61180a115876810909ca98e9268fac09ff
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/57552.ee60d28a1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-1262b"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 611225
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882cdd3c569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/62692.9dadb7398.js | 154.197.121.128 | 200 OK | 847 B |
URL: GET HTTP/2 1win-cdn.com/js/62692.9dadb7398.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (881), with no line terminators
Hash: MD5 2396c8bca3aec16d12512850881beeaa, SHA-1 f5e1ff1163ce9250fb0aae5e5ae0f7b53fa92bf1, SHA-256 dec438624d1ac734c43c52b607f839c13cef99ab7bd4f172d32c97e81630ff18
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 614089
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882e2fc0569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg | 154.197.121.128 | 200 OK | 19 kB |
URL: GET HTTP/2 1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 6cc20c3ddeede7970b09582754e1fe3e, SHA-1 343b04db5d2d9bc03ccdbbe914c61b2a41245ba6, SHA-256 11419071480a1e574e8e7d0b7bcbd505c2e3f0506233b781cd4e1e3965e95816
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/bookmaker-rating-en.e5dcc84dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-4ab4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4760
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038834abb8569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wnvt.com&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 1win.direct/v4/socket.io/?Language=en&xorigin=1wnvt.com&EIO=4&transport=websocket
IP: 134.122.54.186:443 (ASN#14061 DIGITALOCEAN-ASN)
Certificate: Issuer Let's Encrypt; Subject *.1win.direct; Fingerprint 52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27; Validity Sun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wnvt.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wnvt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zu+Aru5KuaSQS1UP8ygwIw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: lQwJQigJGhgo1pqQLT8nYZ9WP8M=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=c9d01fd0578533b0; Path=/; HttpOnly
Upgrade: websocket
| 1win-cdn.com/js/48357.2f661a8c9.js | 154.197.121.128 | 200 OK | 9.6 kB |
URL: GET HTTP/2 1win-cdn.com/js/48357.2f661a8c9.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (9833), with no line terminators
Hash: MD5 ac10e417d3205818d44f428fb5946e98, SHA-1 1e2586b11318351ff352b3155225e2e90617151f, SHA-256 56e1ca7bc3d7559714a27119b6076e3b06a69bc9848518bfac6fac0d55dae24a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/48357.2f661a8c9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-256e"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 123386
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882cfd7d569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/tvbet.fea6d0222.svg | 154.197.121.128 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/tvbet.fea6d0222.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 daf98e0c0d45cb1db158d09bd07e4959, SHA-1 2c28a0c557fb1cf89267d49d2d5ff2a958f896c9, SHA-256 e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1876
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883fc886569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/bonus.d101262c2-1979.png | 0.0.0.0 | | 0 B |
URL: GET 1win-cdn.com/img/bonus.d101262c2-1979.png
IP: 0.0.0.0:0
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/bonus.d101262c2-1979.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
| 1win-cdn.com/js/46719.c1d2eb9c5.js | 154.197.121.128 | 200 OK | 527 B |
URL: GET HTTP/2 1win-cdn.com/js/46719.c1d2eb9c5.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (545), with no line terminators
Hash: MD5 8375a4110ec42498df870269f31e79db, SHA-1 d974e51c02dbdc175ffa8d4384b385ecce38e581, SHA-256 b63b4ea04779e05a75b5e69f026faa71ee3601834dc416ce230a65ef9171d861
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Fri, 05 May 2034 19:14:17 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 614090
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a4d4c569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/57460.093f52cba.js | 154.197.121.128 | 200 OK | 438 B |
URL: GET HTTP/2 1win-cdn.com/js/57460.093f52cba.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (460), with no line terminators
Hash: MD5 6dec8ed713dfd3300ca7f2907fe2f259, SHA-1 a467664dd1f209c8b7360ae5088144073d4b6272, SHA-256 a359d5ee11e7b5c08922355687a9b639fb2d73f1a259db499e935d49dfba9386
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/57460.093f52cba.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1b6"
expires: Fri, 05 May 2034 19:14:17 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 611221
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883b4ee7569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/boomerang.413a98511.svg | 154.197.121.128 | 200 OK | 36 kB |
URL: GET HTTP/2 1win-cdn.com/img/boomerang.413a98511.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 d37b7a09c29c7e0179175433f4b9cff7, SHA-1 9c24e32b7e570cd294ee7400d7b6b96348a6a8f9, SHA-256 e9eaf42baf55a608a7663e6f63812bd1faf020d3d75d6c12ddec5ea4b945e53a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/boomerang.413a98511.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-8c38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d6b15569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/truelab.ec113fba7.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/truelab.ec113fba7.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 edd84be1aaadcb0b503864bea380f168, SHA-1 af4583fc1079d7d5e07cc6ca22b56f9eeaab7418, SHA-256 d73eced8792c2507b075c7a7a313f1e228700fda1108d4ab44d707b36b241e06
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/truelab.ec113fba7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-7b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 130
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883fa853569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/aviatrix.b5fd712c8.svg | 154.197.121.128 | 200 OK | 14 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviatrix.b5fd712c8.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 c92109aa9c320cc21b175481d4219bac, SHA-1 624606f9179e2fe695a087e64df63ec4cedf912b, SHA-256 8892810b3c337925e0e2a61199d9fee94a589789225f916bc9aa6d0b6c76b438
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4556
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883c288d569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/33700.8f8589382.js | 154.197.121.128 | 200 OK | 992 B |
URL: GET HTTP/2 1win-cdn.com/js/33700.8f8589382.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1010), with no line terminators
Hash: MD5 7a56ca20c70147de869fb6f869c24757, SHA-1 8ba632a6c326ca6152d0c51a202527013eeb42f4, SHA-256 543572cbc25b63dbaf723d527cdb47a50c56655698f3eae1708b30e881429640
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 610785
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882fca8e569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/apparat.f7a706d8e.svg | 154.197.121.128 | 200 OK | 387 B |
URL: GET HTTP/2 1win-cdn.com/img/apparat.f7a706d8e.svg
IP: 154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: c263fae5892b9bdd3fa5e761a8aeb723 4646d9080fe51e04962c1f2dabf13119c6d71a41 2a333baf6e1f1e4d92fa73faae466563009d96e860c1423519b890b68153b70d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2136
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883c0861569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | 154.197.121.128 | 200 OK | 354 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp
IP: 154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 354 kB (353842 bytes)
Hash: 8df817e5ef0af5dc8279d3f20cae9bc3 12c85bcc74a48053c92f3f75ce3c14e1a19e46d3 61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/webp
content-length: 353842
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388309c30569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/playtech.cecac3222.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/playtech.cecac3222.svg
IP: 154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: 54cb545ad750e3e670cc7cfaed81c2d4 f808d9b539d13d64c4b405da4dca9b0db732b87e 2bcda89b73c859c34d62c330205d603cb247ae31b00e987f3c3bfaaa3ba2a64e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/playtech.cecac3222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2020
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883e4cf5569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/28852.501b5fba6.js | 154.197.121.128 | 200 OK | 906 B |
URL: GET HTTP/2 1win-cdn.com/js/28852.501b5fba6.js
IP: 154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (924), with no line terminators
Hash: f97751384d582a6e650b35ebe9d32479 e545afff49a2a354c28392833508fd88ebaa4875 1df0101a9f183c7133c49e126c64e4820760e5ab7d99895d0ee7e6d514810b9b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 606899
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882ee8f9569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js | 154.197.121.128 | 200 OK | 121 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js
IP: 154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 121 kB (121043 bytes)
Hash: 3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 611225
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388303b53569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg | 154.197.121.128 | 200 OK | 3.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg
IP: 154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: fecafa12f578f5ced554ed31aba5c852 7e1f6f044c0508f11d1c5a58a41c3d1423bd7069 77c790b43104ff72a4363c886ef16e2716f2de4bd9b8a870b1228aec39924fe7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/mancala%20gaming.441ae5f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-c90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1282
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883dec39569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp | 154.197.121.128 | 200 OK | 720 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp
IP: 154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 720 kB (719644 bytes)
Hash: 344d71695bd0f387fedd84fba6ace2c1 1d37e2d66ab1098072febc0a0dc3769d44090048 7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/webp
content-length: 719644
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: "663a5087-afb1c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388309c38569a-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg | 154.197.121.128 | 200 OK | 763 B |
URL: GET HTTP/2 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg
IP: 154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: 6887ef2393d55338db36ccf501d3b364 cada230cfe07fd9fda37cfde92abc048879815bf 9a8cda3aaf7794cfa521832e211f826e61a93bbe5c0105671dc790b6bed65732
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/max%20win%20gaming.00fa88483.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnvt.com/
Cookie: __cf_bm=C8e8m4ch2tpXZ5GeuexiVJE5JCXLPvVFQxvGnS4AJPY-1715109254-1.0.1.1-Xrb7mskkmErOqdW2pRDccLHJO0RdioUy7ixVSJ.ap0eGl79dqIi7U5dTIDnMj1iDtwHjl4Hkz50Aa0FeY.wFdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-2fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5722
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883dfc40569a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2