| octotracker-clients.net/tracker.php?utm_medium=1039&utm_campaign=1&client_id=aalv3gvnis&utm_source=Sports.ru&sid1=Bonus&sid2=1win | 5.75.250.79 | | 0 B |
URL: octotracker-clients.net/tracker.php?utm_medium=1039&utm_campaign=1&client_id=aalv3gvnis&utm_source=Sports.ru&sid1=Bonus&sid2=1win
IP: 5.75.250.79:0
ASN: AS24940 Hetzner Online GmbH
Hashes (MD5 / SHA-1 / SHA-256, of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tracker.php?utm_medium=1039&utm_campaign=1&client_id=aalv3gvnis&utm_source=Sports.ru&sid1=Bonus&sid2=1win HTTP/1.1
Host: octotracker-clients.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.10.2
Date: Thu, 18 Apr 2024 12:36:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.0.23
Accept-CH: Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA
Location: ./tracker.php?utm_medium=1039&utm_campaign=1&client_id=aalv3gvnis&utm_source=Sports.ru&sid1=Bonus&sid2=1win&opted=
| octotracker-clients.net/tracker.php?utm_medium=1039&utm_campaign=1&client_id=aalv3gvnis&utm_source=Sports.ru&sid1=Bonus&sid2=1win&opted= | 5.75.250.79 | 302 Found | 0 B |
URL: GET HTTP/1.1 octotracker-clients.net/tracker.php?utm_medium=1039&utm_campaign=1&client_id=aalv3gvnis&utm_source=Sports.ru&sid1=Bonus&sid2=1win&opted= (user request)
IP: 5.75.250.79:443
ASN: AS24940 Hetzner Online GmbH
Certificate: issuer Let's Encrypt; subject octotracker-clients.net; fingerprint 33:4F:61:E0:56:25:66:7C:BF:6C:B3:BA:BD:69:97:4A:C6:8D:D4:11; valid Mon, 29 Jan 2024 09:32:25 GMT - Sun, 28 Apr 2024 09:32:24 GMT
Hashes (MD5 / SHA-1 / SHA-256, of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tracker.php?utm_medium=1039&utm_campaign=1&client_id=aalv3gvnis&utm_source=Sports.ru&sid1=Bonus&sid2=1win&opted= HTTP/1.1
Host: octotracker-clients.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.10.2
Date: Thu, 18 Apr 2024 12:36:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.0.23
Accept-CH: Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA
Set-Cookie: outs_ids_aalv3gvnis=2125; expires=Fri, 18-Apr-2025 12:36:55 GMT; Max-Age=31536000; path=/
Set-Cookie: sid=1039; expires=Fri, 19-Apr-2024 12:36:55 GMT; Max-Age=86400; path=/
Set-Cookie: srid=1; expires=Fri, 19-Apr-2024 12:36:55 GMT; Max-Age=86400; path=/
Set-Cookie: uid=x33202mtx9zse39o; expires=Fri, 19-Apr-2024 12:36:55 GMT; Max-Age=86400; path=/
Location: https://1wwgth.life/?open=register
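The two 302 responses above form an affiliate redirect chain: tracker.php sends the browser back to itself with `opted=` appended, the second hop sets four cookies, and the Location then points at the 1win landing page. The following Python is an added example, not part of the capture: it replays that chain offline from the captured header blocks (copied inline), resolves the relative Location against the current URL, extracts the campaign identifiers, and audits each cookie for the attributes the tracker omitted (none of the four carries Secure, HttpOnly or SameSite, and outs_ids_aalv3gvnis lives for a year). The https scheme of the first hop is an assumption; the capture shows no port for it.

```python
"""Replay the tracker's 302 chain from captured headers and audit its cookies.

Added example: header blocks are copied from the capture on this page; the
https scheme of the first hop is an assumption (the capture shows no port).
"""
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urljoin, urlsplit

FIRST_HOP = ("https://octotracker-clients.net/tracker.php?utm_medium=1039&utm_campaign=1"
             "&client_id=aalv3gvnis&utm_source=Sports.ru&sid1=Bonus&sid2=1win")

# Status line plus headers for each captured hop, keyed by request URL.
RESPONSES = {
    FIRST_HOP: (
        "HTTP/1.1 302 Found\n"
        "Server: nginx/1.10.2\n"
        "X-Powered-By: PHP/7.0.23\n"
        "Location: ./tracker.php?utm_medium=1039&utm_campaign=1&client_id=aalv3gvnis"
        "&utm_source=Sports.ru&sid1=Bonus&sid2=1win&opted=\n"
    ),
    FIRST_HOP + "&opted=": (
        "HTTP/1.1 302 Found\n"
        "Server: nginx/1.10.2\n"
        "X-Powered-By: PHP/7.0.23\n"
        "Set-Cookie: outs_ids_aalv3gvnis=2125; expires=Fri, 18-Apr-2025 12:36:55 GMT; Max-Age=31536000; path=/\n"
        "Set-Cookie: sid=1039; expires=Fri, 19-Apr-2024 12:36:55 GMT; Max-Age=86400; path=/\n"
        "Set-Cookie: srid=1; expires=Fri, 19-Apr-2024 12:36:55 GMT; Max-Age=86400; path=/\n"
        "Set-Cookie: uid=x33202mtx9zse39o; expires=Fri, 19-Apr-2024 12:36:55 GMT; Max-Age=86400; path=/\n"
        "Location: https://1wwgth.life/?open=register\n"
    ),
}


def parse_response(raw):
    """Split a raw response into (status_code, [(lower_name, value), ...])."""
    status_line, *header_lines = raw.strip().splitlines()
    status = int(status_line.split()[1])
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")  # first colon only; values keep theirs
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def follow_redirects(start, responses, max_hops=10):
    """Walk 3xx Locations from `start`, collecting (host, Set-Cookie value) per hop.

    Stops at the first URL outside the captured set, i.e. the landing page.
    """
    chain, cookies, url = [start], [], start
    for _ in range(max_hops):
        if url not in responses:
            break
        status, headers = parse_response(responses[url])
        cookies += [(urlsplit(url).hostname, v) for n, v in headers if n == "set-cookie"]
        location = next((v for n, v in headers if n == "location"), None)
        if not (300 <= status < 400 and location):
            break
        url = urljoin(url, location)  # resolves the relative "./tracker.php?..." hop
        chain.append(url)
    return chain, cookies


def audit_cookie(set_cookie_value):
    """Report the cookie's name, lifetime, and which protective attributes are absent."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    (name, morsel), = jar.items()
    missing = [attr for attr in ("secure", "httponly", "samesite") if not morsel[attr]]
    max_age = int(morsel["max-age"]) if morsel["max-age"] else None
    return {"name": name, "max_age": max_age, "missing": missing}


def affiliate_params(url):
    """Campaign identifiers in the query string; blank values kept so opted= shows up."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}


if __name__ == "__main__":
    chain, cookies = follow_redirects(FIRST_HOP, RESPONSES)
    print(" -> ".join(chain))
    print(affiliate_params(FIRST_HOP))
    for host, value in cookies:
        print(host, audit_cookie(value))
```

The same walk applies to any captured chain: feed it the status line and headers of every hop and it stops at the first URL that was not captured, which is where the browser actually landed.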
| 1wwgth.life/img/logo/main/1win-normal.svg | 190.115.24.78 | | 1.5 kB |
URL: 1wwgth.life/img/logo/main/1win-normal.svg
IP: 190.115.24.78:0
File type: SVG Scalable Vector Graphics image
Hashes (MD5 / SHA-1 / SHA-256): 0a5e2aff3499f587617337c0add83e72 c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4 a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wwgth.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/?open=register
Cookie: __ddg1_=y6gkMzcXQM0UoOIjd2ab
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 12:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 174160
content-length: 1474
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
| 1wwgth.life/core-js/3.33.3/minified.js | 190.115.24.78 | 200 OK | 75 kB |
URL: GET HTTP/2 1wwgth.life/core-js/3.33.3/minified.js
IP: 190.115.24.78:443
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Let's Encrypt; subject 1wwgth.life; fingerprint D0:50:3A:00:D7:C4:5B:CE:E5:04:7E:BE:38:07:17:52:38:8F:81:9A; valid Tue, 02 Apr 2024 18:53:39 GMT - Mon, 01 Jul 2024 18:53:38 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (31999)
Hashes (MD5 / SHA-1 / SHA-256): 38facf849f100d0fe6269a53a7bca451 9bb69f981438d48b093bd1eb673885476b4932f0 ce68e1614ab493deaecfa6eb9711736de0348248e1d559b5f6dfb5dc4c29b459
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wwgth.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/?open=register
Cookie: __ddg1_=y6gkMzcXQM0UoOIjd2ab
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 13:55:23 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 168093
content-length: 74607
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP: 154.197.121.128:443
ASN: AS328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Hashes (MD5 / SHA-1 / SHA-256): 426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wwgth.life/
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Thu, 04 Apr 2024 09:26:43 GMT
etag: "660e7253-a9f8"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=Sksdf1g8iHlhvYMhXnPOo5LzDwT9f2ZlUUhQkmD2BhA-1713443816-1.0.1.1-ktu_coR1EVLN_oDCfjk46tvP6gHYDdTR_fc179oVVAhjP.i3b32ED0_Vc2ifj4GE6rgLDP2XhFcJSUStkzoYZA; path=/; expires=Thu, 18-Apr-24 13:06:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40c1a88712e-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP: 154.197.121.128:443
ASN: AS328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Hashes (MD5 / SHA-1 / SHA-256): de175cbf569bb3ccf1f761c845cbd896 8d93663b858bae157ba5fc40e1400177104d71bd df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wwgth.life/
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Thu, 04 Apr 2024 09:26:43 GMT
etag: "660e7253-8128"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=bV.9_1N.pOlMVEPrGvMWQZLbR0.AM5KaMqBZJ2PMR5I-1713443816-1.0.1.1-UUUyn9VLFn0zULcZPbmr8a_gYuG.NBlmmUgveEBcP3das8dFNAkkJ311V0BrfMbN3rXumtbloT5B7hw6VvTTjw; path=/; expires=Thu, 18-Apr-24 13:06:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40c2a8e712e-OSL
X-Firefox-Spdy: h2
| 1wwgth.life/affiliate:link_visit?visit_domain=1wwgth.life&sub_ids=undefined | 190.115.24.78 | 200 OK | 394 B |
URL: GET HTTP/2 1wwgth.life/affiliate:link_visit?visit_domain=1wwgth.life&sub_ids=undefined
IP: 190.115.24.78:443
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Let's Encrypt; subject 1wwgth.life; fingerprint D0:50:3A:00:D7:C4:5B:CE:E5:04:7E:BE:38:07:17:52:38:8F:81:9A; valid Tue, 02 Apr 2024 18:53:39 GMT - Mon, 01 Jul 2024 18:53:38 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 6343828acd97e18ffee68f5a7a85074e b19a97a91fc4c6446ad1ac88c1da25c22db0f673 071bd2ea8f654dfbe84ec1e08076493cddf7f9e059c188c6915a87be6cc71a1a
GET /affiliate:link_visit?visit_domain=1wwgth.life&sub_ids=undefined HTTP/1.1
Host: 1wwgth.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wwgth.life/?open=register
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=y6gkMzcXQM0UoOIjd2ab; visit_domain=1wwgth.life
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.84.150:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
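The affiliate:link_visit response above is worth reading header by header: Access-Control-Allow-Origin carries the literal string `undefined` next to Access-Control-Allow-Credentials: true, the core-sticky cookie exposes a private backend address (10.233.84.150:80, an RFC 1918 range), and X-Frame-Options uses the obsolete ALLOW-FROM directive, which current browsers ignore. The tracker hops earlier on the page additionally disclose nginx/1.10.2 and PHP/7.0.23, while the 1win.direct websocket upgrade further down sets the same core-sticky cookie with an opaque value instead. The following Python is an added example, not the capture's or the site's own code: it runs those checks over header blocks copied from the capture (the X-Frame-Options value is shortened); the severity labels and the audit rules are the editor's own.

```python
"""Audit security-relevant response headers copied from the capture on this page.

Added example (not the capture's or the site's code). Severity labels and rules
are the editor's own; the X-Frame-Options value below is shortened.
"""
import ipaddress
import re

LINK_VISIT = (  # 1wwgth.life/affiliate:link_visit response
    "HTTP/2 200 OK\n"
    "server: ddos-guard\n"
    "content-type: application/json; charset=utf-8\n"
    "access-control-allow-credentials: true\n"
    "access-control-allow-origin: undefined\n"
    "set-cookie: core-sticky=http://10.233.84.150:80; Path=/; HttpOnly\n"
    "x-powered-by: Express\n"
    "x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work, ALLOW-FROM 1win-partner.com\n"
)
TRACKER = (  # octotracker-clients.net second hop, one of its four cookies
    "HTTP/1.1 302 Found\n"
    "Server: nginx/1.10.2\n"
    "X-Powered-By: PHP/7.0.23\n"
    "Set-Cookie: uid=x33202mtx9zse39o; expires=Fri, 19-Apr-2024 12:36:55 GMT; Max-Age=86400; path=/\n"
    "Location: https://1wwgth.life/?open=register\n"
)
WEBSOCKET = (  # 1win.direct socket.io upgrade: same cookie name, opaque value
    "HTTP/1.1 101 Switching Protocols\n"
    "Set-Cookie: core-sticky=242099e1c187655e; Path=/; HttpOnly\n"
    "Upgrade: websocket\n"
)

IPV4_LITERAL = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
ORIGIN = re.compile(r"null|https?://[^/\s]+")


def parse_headers(raw):
    """(lower_name, value) pairs; the status line is dropped."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def values(headers, name):
    return [v for n, v in headers if n == name]


def private_addresses(text):
    """IPv4 literals in `text` that fall in private, loopback or link-local ranges."""
    found = []
    for literal in IPV4_LITERAL.findall(text):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            continue
        if ip.is_private:
            found.append(str(ip))
    return found


def audit(raw):
    """Return [(severity, finding), ...] for one raw response."""
    headers = parse_headers(raw)
    findings = []

    # CORS: the value must be "*", "null" or one origin; anything else (here the
    # literal string "undefined") is a bug in whatever builds the header.
    creds = values(headers, "access-control-allow-credentials") == ["true"]
    for acao in values(headers, "access-control-allow-origin"):
        if acao != "*" and not ORIGIN.fullmatch(acao):
            findings.append(("medium", f"malformed Access-Control-Allow-Origin {acao!r}"
                             + (" with credentials enabled" if creds else "")))
        elif acao == "*" and creds:
            findings.append(("info", "ACAO * with credentials=true; browsers reject this pair"))

    # Framing: only DENY/SAMEORIGIN are honoured; ALLOW-FROM is obsolete and ignored,
    # so without a CSP frame-ancestors directive the response can be framed anywhere.
    csp = " ".join(values(headers, "content-security-policy"))
    for xfo in values(headers, "x-frame-options"):
        if xfo.upper() not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
            findings.append(("medium", f"X-Frame-Options {xfo.split()[0]} gives no framing protection"))

    # Cookies: internal addresses leaking through values, and a missing Secure flag.
    for cookie in values(headers, "set-cookie"):
        name, _, rest = cookie.partition("=")
        value, *attrs = [part.strip() for part in rest.split(";")]
        for ip in private_addresses(value):
            findings.append(("low", f"cookie {name} carries an internal address {ip}"))
        if "secure" not in {a.split("=")[0].lower() for a in attrs}:
            findings.append(("low", f"cookie {name} lacks Secure"))

    # Version disclosure in Server / X-Powered-By (PHP 7.0 reached end of life in 2018).
    for header in ("server", "x-powered-by"):
        for v in values(headers, header):
            if re.search(r"\d+\.\d+", v):
                findings.append(("info", f"{header} discloses a version: {v}"))

    if not values(headers, "strict-transport-security"):
        findings.append(("low", "no Strict-Transport-Security"))
    return findings


if __name__ == "__main__":
    for label, raw in (("link_visit", LINK_VISIT), ("tracker", TRACKER), ("websocket", WEBSOCKET)):
        print(label, *(f"  [{sev}] {msg}" for sev, msg in audit(raw)), sep="\n")
```

The `undefined` origin is rejected by browsers as written, so the finding is about what it reveals (an unset variable reaching the header) and prompts a follow-up test of whether the server reflects an attacker-supplied Origin; the capture alone does not show that.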
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wwgth.life&EIO=4&transport=websocket | 134.122.54.186 | | 0 B |
URL: 1win.direct/v4/socket.io/?Language=en&xorigin=1wwgth.life&EIO=4&transport=websocket
IP: 134.122.54.186:0
ASN: AS14061 DIGITALOCEAN-ASN
Hashes (MD5 / SHA-1 / SHA-256, of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wwgth.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wwgth.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PW9tB22Gvda2+iOFwivWnA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: NIkn8XIeyINk5H14v0gcU6h2lCs=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=242099e1c187655e; Path=/; HttpOnly
Upgrade: websocket
| 1wwgth.life/firebase/8.1.1/firebase-app.js | 190.115.24.78 | | 6.6 kB |
URL: 1wwgth.life/firebase/8.1.1/firebase-app.js
IP: 190.115.24.78:0
File type: JavaScript source, ASCII text, with very long lines (19927)
Hashes (MD5 / SHA-1 / SHA-256): 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wwgth.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/?open=register
Cookie: __ddg1_=y6gkMzcXQM0UoOIjd2ab; visit_domain=1wwgth.life; core-sticky=http://10.233.84.150:80; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef135-c4bd-7423-824a-d3c5b6e8f2d6%22%2C%22%24sesid%22%3A%5B1713443816651%2C%22018ef135-c4cb-741e-9353-b20d7d8c092c%22%2C1713443816651%5D%7D; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJhNTk1ODZlNC04Mjc0LTRiZjItYjBjZS0wNTE0MDBmMTUxOGQlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEzNDQzODE2Nzc3JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMzQ0MzgxNjgxNyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 20:56:46 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 142811
content-length: 6578
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
| 1win-cdn.com/js/35004.f2354cf98.js | 154.197.121.128 | 200 OK | 18 kB |
URL: GET HTTP/2 1win-cdn.com/js/35004.f2354cf98.js
IP: 154.197.121.128:443
ASN: AS328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 8dccb2ad1f2a3d4c58b5f4a8c093ec0a d51d2d64566f3b1bb69c6cc5b87965ad5dfb9748 0ecc374763235e33e573910147781e51b68e05b691e513d15b08eb30cc39473f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/35004.f2354cf98.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-5b2c"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1226278
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4113ae2712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.74.168 | | 105 kB |
URL: www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (50345)
Size: 105 kB (104882 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 0380aaa7b980a2f6806877b8ee9e3707 e900d3857fc4891fcedd501eeadd8319420d21df fe19d5be2fcf89a8c3f49fa04f66d4d39ed9bd600d09c8c1e8866a8091b2f108
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 12:36:57 GMT
expires: Thu, 18 Apr 2024 12:36:57 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104882
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 1win-cdn.com/css/62476.dae54c10d.css | 154.197.121.128 | | 21 kB |
URL: 1win-cdn.com/css/62476.dae54c10d.css
IP: 154.197.121.128:0
ASN: AS328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 177ecf39eccdac22d091cd3022d059d0 680e1853e0754516392276b5d86a96cdc953a628 f5e3d9038e8c1c92bebe7293796e2286f79e179cd1c6f673933b62e4ba230c97
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/62476.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: text/css
last-modified: Thu, 18 Apr 2024 11:58:28 GMT
etag: W/"66210ae4-7a1f"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1759
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40d6d0a712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/48430.9af74daeb.js | 154.197.121.128 | 200 OK | 20 kB |
URL: GET HTTP/2 1win-cdn.com/js/48430.9af74daeb.js
IP: 154.197.121.128:443
ASN: AS328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 0357a2a65321278f181b39ae38b4ff9e ada15bfb589b2073a2686e4035a64f3cfb64eeed 339839e87e952118a85396560d44048e9ffa34c1ffbf545305e2986364fd687b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b411fbe8712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png | 188.114.96.1 | 200 OK | 58 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 363 x 429, 8-bit colormap, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): f5c26decf32eb643468c81ea9dc51585 32f26e84d2cc98f1f932ebba175eb9bb1cb18cfd 05bc5fe29e1b5dd0da7faf912adab322dbf0297cb36d5efdb12d64aff4d98ac7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 58091
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MWQzNGU5LWNjOTki"
expires: Tue, 23 Apr 2024 10:26:50 GMT
x-request-id: 57KqBaeB6OdomANr1QMBZ
cf-cache-status: HIT
age: 180607
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DBb85NQ9jhp8dxVIFgqiVBtNiKPGBdpNb3LEf3RTQPTk4EP6i1ieJ2PO%2F8pHEDQ3vj9cEs1lHJYDzFZo91Y5auZEA5QXllYPpThH16LxWRps0CB70%2BVIanCM89fnkNeDZggalujAk1k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4130ec3b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/js/33700.8f8589382.js | 154.197.121.128 | 200 OK | 6.6 kB |
URL: GET HTTP/2 1win-cdn.com/js/33700.8f8589382.js
IP: 154.197.121.128:443
ASN: AS328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): b9f9e25518007421f6eba0ac36ff15d2 54bfc258dd6b94f7bdb7791274eadcde3ec13862 c04e39d2f22ec3dcdad9b70c8c78075dac116162d5d6649aa8ca1ce0009f2c23
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4124c55712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/css/index.fd224ee8e.css | 154.197.121.128 | 200 OK | 68 kB |
URL: GET HTTP/2 1win-cdn.com/css/index.fd224ee8e.css
IP: 154.197.121.128:443
ASN: AS328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 54c8b5583efd5c915893ab66dff799a5 0f2c4338fcf72089b74962bf8da31055edb709ed af52d97ed28ed96eb764120d830317e304c6d2aed70a65c9b52707c604de82af
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1207443
set-cookie: __cf_bm=AT4UUDN6MR3koudP5NPAiKG0e3KWvBFbf4Tu4qfzwts-1713443816-1.0.1.1-Qg.rfymvREaJ3Rv1hLl5zZxo_XLHhtVyYs4yXTyKEVOaEtkaW9gTzdFPvcPs1iOIudzG0SSaeWfa0vL5jzTydA; path=/; expires=Thu, 18-Apr-24 13:06:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40c1a4f712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/62692.9dadb7398.js | 154.197.121.128 | 200 OK | 17 kB |
URL: GET HTTP/2 1win-cdn.com/js/62692.9dadb7398.js
IP: 154.197.121.128:443
ASN: AS328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 4117a9c4d80fbd3af96744b40977d630 3c4e74e2e96b304831d61aee00d8f4de49a249a1 adf151abaae42129ddf4dc183e660ccae9e740ecc69ad5bd1b141870757d28f1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b411ebc9712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/icons-pack-social.9f742da0f.js | 154.197.121.128 | | 13 kB |
URL: 1win-cdn.com/js/icons-pack-social.9f742da0f.js
IP: 154.197.121.128:0
ASN: AS328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 8994198f96c87f7eac956eac402b8598 4e66e1dd4a38bf7af05caafdfd0a22bc804dc65e 8d7a1cc45b40012badf853f7b03c2e522353f04d552d509ca42046ff1d030f4b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-social.9f742da0f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-63b9"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 785079
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412bcec712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/18860.d3e8c1777.js | 154.197.121.128 | 200 OK | 69 kB |
URL: 1win-cdn.com/js/18860.d3e8c1777.js (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: MD5 01e37e7c2b15b37c929eaa4a5debff51; SHA-1 e05fdd55a7cf6bb37f3ef401f9b3863af2c4b2d1; SHA-256 f0932008dd7fa1905cdb45daa374418908e7017676bf3dc63fd9ac8d137c3ca9

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /js/18860.d3e8c1777.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-6d56"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 248790
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40d6d04712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/35967.a72ac7974.js | 154.197.121.128 | 200 OK | 354 kB |
URL: 1win-cdn.com/js/35967.a72ac7974.js (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Size: 354 kB (354443 bytes)
Hash: MD5 6868d482b1f0f2c8643e3b527532144c; SHA-1 ebba54d2a012f48aa305ce887a394ce1900b59a6; SHA-256 bb2cc28f6407ee09892ce25a089e3747e59a541c1ad797f9c1dd52e343ca2863

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /js/35967.a72ac7974.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3be"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 627599
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412ace1712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/chunk-common.5bc8af63d.js | 154.197.121.128 | 200 OK | 80 kB |
URL: 1win-cdn.com/js/chunk-common.5bc8af63d.js (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: MD5 02da18363859857125d0dcae1c49beba; SHA-1 ee415cdd28693bf9b3e94dcc557f346438384a94; SHA-256 bd1611475aea704046eafef9a9bc1571ace38701bdd3b40953b2e9d4f9d5e0c8

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-common.5bc8af63d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 11:58:28 GMT
etag: W/"66210ae4-2f62d"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1760
set-cookie: __cf_bm=qjz2sEaHWlKCKcmpj0IukXiJjf_xA8mcZIWl9TcNxLA-1713443816-1.0.1.1-P.y_Q7siSxrHm6WW5rDOtP3dfJ0z2m78JlDIglJ11QfPxCnzwetd26eG2jckIudgA_DmlHcwAGEfxC418wsVxQ; path=/; expires=Thu, 18-Apr-24 13:06:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40c1a26712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg | 154.197.121.128 | 200 OK | 11 kB |
URL: 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: MD5 0e1a6dca580b386dfbb8904ec5ed6c0b; SHA-1 c1daea0e1c9ece2bf27fe0a4007da654f88a7b1e; SHA-256 c4e577120c18fb11d39d2639fe68143c37c2ec3ab499d104a339c556a50978cd

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6820
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4125c5e712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 367 kB |
URL: 1win-cdn.com/img/jetx.64787fc5c.svg (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Size: 367 kB (367409 bytes)
Hash: MD5 b5a3b4502060957193bde1f255ec9374; SHA-1 cb2493e35cb53ec7f034256745971dd7f11cd7d3; SHA-256 93cda9b135a191e9f3e8190b049e6b4ca05c4b1065018bbf44c05dc5a169164f

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6820
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4125c61712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | 154.197.121.128 | 200 OK | 440 kB |
URL: 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Size: 440 kB (439732 bytes)
Hash: MD5 0b400ed85d94b504e1b463222310f42a; SHA-1 581c681eccf1e7f065ff812e65f3bab7d29f4256; SHA-256 4c464b128ea76178b646df038b75fe0397a8074d6af74b3340fd9514ffc6d7bc

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6820
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4125c5c712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1wwgth.life/?open=register | 190.115.24.78 | 200 OK | 928 kB |
URL: 1wwgth.life/?open=register (User Request, GET HTTP/2)
IP: 190.115.24.78:443
Certificate: Issuer Let's Encrypt; Subject 1wwgth.life; Fingerprint D0:50:3A:00:D7:C4:5B:CE:E5:04:7E:BE:38:07:17:52:38:8F:81:9A; Validity Tue, 02 Apr 2024 18:53:39 GMT - Mon, 01 Jul 2024 18:53:38 GMT
File type: gzip compressed data, from Unix
Size: 928 kB (928251 bytes)
Hash: MD5 f368f3ac972b5326e6560cf6815215d5; SHA-1 2712eb70b685873ac3be9da98c07d7b0561681e5; SHA-256 b19b5b0ae27583031f55585793da03af987f0cb24d6aeb3405a5a321019367f0
GET /?open=register HTTP/1.1
Host: 1wwgth.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=y6gkMzcXQM0UoOIjd2ab; Domain=.1wwgth.life; HttpOnly; Path=/; Expires=Fri, 18-Apr-2025 12:36:55 GMT
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: text/html; charset=utf-8
x-request-id: kbysj82rwiv2hI1Z
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wwgth.life
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp | 154.197.121.128 | 200 OK | 12 kB |
URL: 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: MD5 45df6c11399190f031e9db37f9f4e785; SHA-1 a8a641e38f707a584b72a5ad5c010e7bbcd7920c; SHA-256 121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/webp
content-length: 12264
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: "6620f1f2-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2814
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4136e4e712f-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/chunk-vendors.d4b6646be.js | 154.197.121.128 | 200 OK | 113 kB |
URL: 1win-cdn.com/js/chunk-vendors.d4b6646be.js (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Size: 113 kB (113362 bytes)
Hash: MD5 94cc49c9d68146135fa039acf2a1066a; SHA-1 c07dc5c63106b0c5923d2e7b410227682e05eb9f; SHA-256 c0ea8a7b076839115a554ea5fb12fd37049a4f3e999d9f172ba23c82f3cb41d6

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-vendors.d4b6646be.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 11:58:28 GMT
etag: W/"66210ae4-384ba"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1760
set-cookie: __cf_bm=rEu3ReuvI67ViFFpEibi1WI3tGyFxSnOXL6k3pF1.P4-1713443816-1.0.1.1-myPiIUZbz2c1ZXiJgeI_0wI82lvo.jGY8PF0m2V5jLpyeVnyLs2PTnGbODzFxcBxg3kZQ1WLCFxv4sV6BIIXlg; path=/; expires=Thu, 18-Apr-24 13:06:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40c2a64712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png | 154.197.121.128 | | 35 kB |
URL: 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Hash: MD5 232d05b165c6b0fc9695db490aa71f47; SHA-1 f04ccc74ebd190747114ceeb882d51db8e9268c6; SHA-256 9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-989a"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b413ceec712f-OSL
X-Firefox-Spdy: h2
| eu.i.posthog.com/e/?ip=1&_=1713443816655&ver=1.128.0&compression=base64 | 52.57.233.141 | 200 OK | 26 kB |
URL: eu.i.posthog.com/e/?ip=1&_=1713443816655&ver=1.128.0&compression=base64 (POST HTTP/2)
IP: 52.57.233.141:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Amazon; Subject *.i.posthog.com; Fingerprint 99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67; Validity Mon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT
File type: gzip compressed data, from Unix
Hash: MD5 c468028d16c27b7d43fe983a4690abc8; SHA-1 0f606b4eb9c626bdf54712dcd15a3ebac9e94741; SHA-256 0ebea0cbae534b258188a3b771f562c533e912decc3a9698b3d81d6e7c1f5973
POST /e/?ip=1&_=1713443816655&ver=1.128.0&compression=base64 HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1437
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/json
access-control-allow-origin: https://1wwgth.life
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
server: envoy
x-envoy-upstream-service-time: 11
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif | 188.114.96.1 | 200 OK | 5.3 kB |
URL: imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif (GET HTTP/2)
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: MD5 2644fa31ed595bed0cb922c0c7539272; SHA-1 de9318bf140b0f2ea79f367170734ff434917747; SHA-256 8b139975393524fcf487dbb870a640733d99cfb4352c679c7449baf2ca2babcd

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/avif
content-length: 5298
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2MWNmNWE0LWMyMGQi"
expires: Mon, 22 Apr 2024 10:47:34 GMT
x-request-id: idTv66N593vyFzuVNO_I5
cf-cache-status: HIT
age: 265763
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xng6GFyBZfpTolSNiw1hpI4DNF7iruNrSCuARrVMWZ3opGFFeXkHUQI%2Bx%2BlBHaBgr6d7AQw%2FI9folM%2F8asDWlnNL4nn7TV6ep6uxDsOspIUKj3%2F6KEBf%2FNo1Ys%2BodqUYqqi%2FDfI8EBo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4149a66b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/betraja.5cf6f15c0-75.png | 154.197.121.128 | 200 OK | 1.1 kB |
URL: 1win-cdn.com/img/betraja.5cf6f15c0-75.png (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 75 x 75, 8-bit colormap, non-interlaced
Hash: MD5 2840e342f235c6d7d76db654ff6a0edd; SHA-1 8f81dc2954a1e234394d7b284e02742730f25f37; SHA-256 2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 1054
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-496"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
age: 85
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b415ca1a712f-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png | 154.197.121.128 | 200 OK | 1.9 kB |
URL: 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 172 x 50, 8-bit colormap, non-interlaced
Hash: MD5 3ec6ec7d9016e953c300249c2af5704f; SHA-1 e7b2ec568a2118a744cdd1fabe6fa8959c637532; SHA-256 135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 1857
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-7b8"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
age: 85
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b415ca2d712f-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png | 154.197.121.128 | 200 OK | 972 B |
URL: 1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 50 x 50, 8-bit colormap, non-interlaced
Hash: MD5 d75b75efec83a2230764a8fed9d1dd3e; SHA-1 ee4318789396290da2017d433fe622b9a005aff2; SHA-256 24397ec04f26d6b7c9465094a088ab89e4a4216accd5cb45e8563f694dd3fcd5

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/best-bitcoin-casino.9c1716b1a-50.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 972
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1035
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-40b"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
age: 85
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b415ca2e712f-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png | 154.197.121.128 | | 8.1 kB |
URL: 1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 500 x 500, 8-bit colormap, non-interlaced
Hash: MD5 953b3b7e0c94ed3c3af678f19b076c5a; SHA-1 993c897eadbd5f11f4fa712cda067ea633c8e68f; SHA-256 d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 8067
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-2421"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
age: 85
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b415ca30712f-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/emoji-slots.1c6e965b9-160.png | 154.197.121.128 | 200 OK | 7.8 kB |
URL: 1win-cdn.com/img/emoji-slots.1c6e965b9-160.png (GET HTTP/2)
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 160 x 160, 8-bit colormap, non-interlaced
Hash: MD5 87325735734a61a6dcf78148f1eb9fef; SHA-1 934481694321a7c02aca3fc865355eb732f7d0cc; SHA-256 6f6332331617980bbe000550b8ec83e3ab48cc35a952ba512f7fac2b9dfae881

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/emoji-slots.1c6e965b9-160.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 7806
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8977
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-2311"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
age: 1537
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4162ab7712f-OSL
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif | 188.114.96.1 | 200 OK | 6.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif IP188.114.96.1:443
Requested byhttps://1wwgth.life/?open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash049927e2f79d1b3f7c0db06be6378930 bc6a9c76a5027d6e63381bb7cf0ff70068d06792 8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
expires: Wed, 24 Apr 2024 18:12:09 GMT
x-request-id: yrl775GXM9Fh3TxtQq3wr
cf-cache-status: HIT
age: 66288
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VIwS3XDxoAS99hi%2Bc3NJcz9nixxrjvpZkB9DgMaVSplGHB2%2FzMnC%2Fc7%2BxDmey2Cn%2FRQ8JjOm2DAyTev4AYAbQyMHzp%2BiRp8ODMDn9xA7YFvCV41GLhMXZVuTlg8ZVvNbqIyhhgFDtek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4163e8eb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif | 188.114.96.1 | 200 OK | 7.5 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5 / SHA-1 / SHA-256): 513f3198a187e1d23253286e6e6c1f00 fc18a35dfde5d07e13da9d42681541942e92bc0b 47c47c9c1baf50edcde06130657e3eb321cedabedaa0c3da51806079548980dc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/avif
content-length: 7494
cache-control: public, max-age=31536000
content-disposition: inline; filename="ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MWU5LTJhM2VmIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: 7E-VjHnz0JIzJtzXxZNLZ
cf-cache-status: HIT
age: 13824
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0kSfuYdFj12oJMOAxbEgq3VRYWxZrgVKA%2BC48O2vVZngrPSvYl%2BKX4aP4ty7xlA%2BOAWTlNeYGHit1xGZiV6%2BDefBZjXAVjziwZLn7tFNkSLqqG09RB%2BAOMa0WU9DgOmQ5pZaCwYcXU8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4163eb6b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/fifa.604717ea7.svg | 154.197.121.128 | 200 OK | 6.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/fifa.604717ea7.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 1c8c195da4fa160cb2338be13ef21a37 04e16032bb7ebc516ca2c3756f09e2cf565adb68 9ea19d7a1546718e13ac2d62c948b99f5a879b086457763625cf13f585363019
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/fifa.604717ea7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 949
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41589cf712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif | 188.114.96.1 | 200 OK | 6.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5 / SHA-1 / SHA-256): 172757f78e8e2026f280f94f4d032035 17cea3940511dbbbb5077e78e28ddadef3090931 f0480a63411ce5b83d0c87ea580863a1a6908dc635db4309719cf9119d3df28f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/avif
content-length: 6121
cache-control: public, max-age=31536000
content-disposition: inline; filename="61ea6817-a009-4c14-94a8-2d97fb8082c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODk1MmJlLTZhY2Q4Ig"
expires: Wed, 24 Apr 2024 20:17:42 GMT
x-request-id: 6wlhy8CqiNIlKW3HNigYq
cf-cache-status: HIT
age: 58755
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m%2Fs0MBJC%2BrpOWaa4FQJH85TN0uOqPCqOV8gePH3%2FAxSJPxzXx8Sq4lwvc8wU%2BXxUUO8bWpe%2FN1vHaiowEOGCHmgu9s1cNbeZKBoKfxyihUmxw74Eo1p2bnDanhNSaqSgJFLKapA%2Fr%2Fw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4163e97b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 90 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Hashes (MD5 / SHA-1 / SHA-256): e70b595a9f36987bccdabcc3a36137c8 770e2018634c46602afcb73a6badebecbee2718a 88cbd8752df72f6464dae0a42e2173ae53fdfdf634a088295aa865835e3fab14
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 12:36:58 GMT
expires: Thu, 18 Apr 2024 12:36:58 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90052
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 72 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File type: JavaScript source, ASCII text, with very long lines (2165)
Hashes (MD5 / SHA-1 / SHA-256): d1017f1c9b162aadd90f0878594c6c0c 5c0ca0bfe2c17ca287d0311cdd834d51da518033 19c0f36b79af631be88de89a9ef42667ff44d15f9d6a4fd73fee5112bda49204
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 12:36:58 GMT
expires: Thu, 18 Apr 2024 12:36:58 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72273
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.168 | | 86 kB |
URL: www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (4179)
Hashes (MD5 / SHA-1 / SHA-256): 3bc03c9827599f1cba11768d58739b8b 667a4b99b6a3bed86ea25c9830a11aa43acc260b b9d002de1ecfead96a1d5b7fc29491933ee57cb31684b9bdfd4087f89e8394db
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 12:36:58 GMT
expires: Thu, 18 Apr 2024 12:36:58 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85801
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif | 188.114.96.1 | 200 OK | 7.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5 / SHA-1 / SHA-256): 5a258a62a127acb8b8ad56770591d501 8452fa24937409b089d5a07b73ec4392b84c1a7e d039ac11879d3e157fe0dc5f8f4df871574a12c1d2cb1e8ed8586993f5684959
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/avif
content-length: 7154
cache-control: public, max-age=31536000
content-disposition: inline; filename="c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NTExYzUwLTJjYTViIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: th0si--mGv2mjaolKBx3e
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KxiUvCCJB%2FkzI5epEPHI6nW2LIQU0CvMQ86WOsvkhyonbZ2jtSC4Hds9IO7asI%2BwyFzy99fcl8YcjshD0AhokpNpJa62Ag%2Bhb2vJ6Q3Def%2B7Ptu3htYBSGZ5%2BK6NTQ%2BjFHR7Jy857%2FI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41a4f99b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/fantasma.8f4e2392c.svg | 154.197.121.128 | 200 OK | 9.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/fantasma.8f4e2392c.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 12ec76948f3aa13d8cbff50b15fdb97b b1f00698c731773334c5db680acd1efc9d50d872 9ca482a9b0073f4dbcfdf3c6392bdf9c52c7675345172f9b3839ee90e6d30b72
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180da3712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/cashback.12a565952.svg | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/img/cashback.12a565952.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 4619aca4cca36c3c012503131fd82d63 17cda2491b3d5d9ef79fc641920397ad6e398f24 c9b08117bd9f51595271278aea745d3745941584c9c09478b8b9e8a8f7fad796
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/cashback.12a565952.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-851"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7123
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4162ab8712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/68578.08cd62539.js | 154.197.121.128 | 200 OK | 30 kB |
URL: GET HTTP/2 1win-cdn.com/js/68578.08cd62539.js
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 255bf4ee519ae70d819e0bd5a3ca2574 640b2af0d0a694e6d52e388c1cca7de3ee1b3ee0 f938ff138cf404ae10e1733d6078294f53321c18ebb4678355a26608906e0685
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/68578.08cd62539.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-833"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1226277
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4162ab5712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/swintt.7c851d380.svg | 154.197.121.128 | 200 OK | 8.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/swintt.7c851d380.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): b51ead5f9e5ec833e9b47d205df60cfb fb0a0b7e0e09e9a57d36a2e2488ecddd2fc8ab42 c265c09151b2ba6c50f436d79158edc3da362f5cd467740e41913590805eaad9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/swintt.7c851d380.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-1ab"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1539
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4199fed712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif | 188.114.96.1 | | 5.9 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif
IP: 188.114.96.1:0
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5 / SHA-1 / SHA-256): 9d19a8ee72d8c48af25fdc64baaa1377 845b03e70fa87c6cd8025abe3c257117e0d88bb6 02a25486cea99e7a7cbc3a72ed94b5466705f26440184d1a2f2f5ebff6695ce3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/avif
content-length: 5859
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5OTI1LTMwMWYwIg"
expires: Mon, 22 Apr 2024 10:08:54 GMT
x-request-id: wLC7bWAi7BoajwYRueYxn
cf-cache-status: HIT
age: 268084
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dp%2FbPENkuuTq0ockTksmmm8UISsMZ4KXvnaB5mDIHQ2GTNJUnLntCmGEMwaSv3UdUTww9bTqPDbwRDSz3PURLoRAeJfgQxPQwLW81FuFblxLL2uIHNQrPrJk7gLhbpmCebXrQDGoBNw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41a5fa8b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/superlotto.0b2069aeb.svg | 154.197.121.128 | 200 OK | 8.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/superlotto.0b2069aeb.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): f98ee2b3cb26389d31cd267c4701bdc2 a7268fe0a829a47e883ed294e23bc077461f29f8 a52ebd8fb0bbf7fa1b0277090259767dc869d95692cf199e73feb3e03baca30f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/superlotto.0b2069aeb.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-1b55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4199fe5712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/bombay%20live.ab678ab94.svg | 154.197.121.128 | 200 OK | 15 kB |
URL: GET HTTP/2 1win-cdn.com/img/bombay%20live.ab678ab94.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 04021a17829f9473371ddfbffb3c3bfa d9e1d8d2d3d0430978eeafa532ea3fa47e64d941 f77f76d4ec39a03467718a3c8882517cd3e5f6a744eafff4edf07b0f978e1a7a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d8a712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | 154.197.121.128 | 200 OK | 8.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 5467a464aeb3df904a2f9033db3dd572 b683db6de0ce510a17e8dd26c12e741fa76420e7 e195215577b17319133760b332668026df93afe3306898f5b38047bdc824b954
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d70712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/evolution.acb5f3085.svg | 154.197.121.128 | 200 OK | 10 kB |
URL: GET HTTP/2 1win-cdn.com/img/evolution.acb5f3085.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 386b3952bf6bad3fcbd62b97d8d08466 0850449017d20e52cf42323c03bd2f5e0572493d 38eee676be95b0f33cfd275cc95bfc278f927879df25327e1c803c21e91dbfa3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/evolution.acb5f3085.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-9da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d9f712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | 154.197.121.128 | 200 OK | 11 kB |
URL: GET HTTP/2 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 7cbb0a3b5e37e879d85d198985d0d0df / ece616b366abd11d37be11396eabfa50a550ef94 / 2bb52b9de22b20ce410dba264f4c1c8ae2b4c5e804eda557d9f707014e7484e7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b415ca31712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/55799.274042d04.js | 154.197.121.128 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1win-cdn.com/js/55799.274042d04.js
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 0c859510e1b13120484e24151b764703 / 7d74cf6b6758c17b1a9e0881b2d7956dfdf7413d / 181f4802bf8825389e663dbc2556f8f3ea3f52fe69235366734f3d3167e5cefc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/55799.274042d04.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3c3"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1226277
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4161ab0712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/retrogames.bb592a878.svg | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/retrogames.bb592a878.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 83a92b41065d427dba9e8ca1ce7e075f / 1c23a00646a4fb1ad7a6a6127779654d8af5cb16 / 77b2ca4731ef6ca6bcd8ed4c8d1eeac82f58f4d80e50dbfe59c1ee3a14537774
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4195f87712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/skywind.9cd4f870b.svg | 154.197.121.128 | 200 OK | 40 kB |
URL: GET HTTP/2 1win-cdn.com/img/skywind.9cd4f870b.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): ed326ba5f9792c4766559b2e174959eb / ff995380c58f5842779657c4f4db4c8f6f80d4e1 / f29bb9ba5514bf57b779b67181fa2d590a7d433726f72632748d44d71d80f1e8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4196fa1712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5 / SHA-1 / SHA-256): 1f85b44a5305e8928fcae8922301d92a / 7ecc0724a7560af7c4debc83014bab875eba685b / 660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/webp
content-length: 25292
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: "6620fe2b-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41b1a83712f-OSL
X-Firefox-Spdy: h2
|
|
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.156 | | 3.9 kB |
URL: d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png
IP: 143.204.42.156:0
File type: PNG image data, 124 x 48, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 3219393f1efd01cf2db20820dff57cf2 / ebdbcf916084a0d5a70680021d269680e9f41d41 / 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3884
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Wed, 17 Apr 2024 18:17:51 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: jq41yY0oGboCubIK1pVaMZoPO4FzyQwoqYEMOeOztiBKLVjycc22AA==
age: 65948
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netgame.8e28ed366.svg | 154.197.121.128 | 200 OK | 280 kB |
URL: GET HTTP/2 1win-cdn.com/img/netgame.8e28ed366.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix; Size: 280 kB (280007 bytes)
Hash (MD5 / SHA-1 / SHA-256): b6219c43b92239d4230d06eae4fb12ab / 034d434565f6735de4d908baa278efc759846e78 / 84079c30979eec790f7d565a1cb9b6bc39a13a435c5a42f1160b646fe28c764c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4187e42712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg | 154.197.121.128 | | 187 kB |
URL: 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg
IP: 154.197.121.128:0; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix; Size: 187 kB (186573 bytes)
Hash (MD5 / SHA-1 / SHA-256): d29a84eb87df21a30c148c20fd793fd6 / 939d618dd89eff3313c8398b5ebfdba6e9d892f7 / 508c3561888fe7bed90985c4fc208e10bc77ea6d0ea3fc312ccd36c67ef653ea
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4187e3c712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif | 188.114.96.1 | | 5.0 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif
IP: 188.114.96.1:0
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5 / SHA-1 / SHA-256): 3c7a3851260b12a9627faa9016f3ce1f / 9df4442c906d9741c13ef21ed9eefb5f99d044c5 / 8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/avif
content-length: 5004
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd529428-aaab-4991-a790-150cd6317398.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQwNTUwLTEzNTFiIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: 4cFylK1dZHaCryCGNCwaU
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OLGjpZUGf2I9%2BTkx%2BwxpvDK6Uu6Jg9GmlcUDYJuXlENOWuvKxng4Dp4vAdJQfsRVj2es%2FfU6fKGRfaFPmVBDaL3cZ%2BfTQJyL2zasAA%2B6XRfq4GErTNyEutEn3un9oGAgwIXswr%2BDmfY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41d7de4b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
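The entries on this page are the analyzer's rendered report rather than a machine-readable export, so pivoting on them (which hosts Quad9 sinkholed, which certificate fingerprint they share, which hashes are usable as IOCs) means parsing the report text itself. The parser below is an added example, not code from the analyzer or from the site being scanned: it reads the page's own row/metadata/request/response layout from a constructed sample made of three entries condensed from this capture (real URLs, IPs, hashes and headers from the page, header lists shortened) and returns the observations a practitioner would want flagged. Two of its checks rest on assumptions stated in the comments: that a `/unsafe/` prefix on an imgproxy URL is imgproxy's marker for an unsigned processing URL (imgproxy's documented behaviour when signature checks are disabled; whether this particular deployment restricts source hosts is not something the page shows), and that an Amazon S3 ETag of a single-part object equals the object's MD5, which is why the cloudfront entry's ETag matches the tool's MD5. The gzip check is a caveat about the report itself: where the response carried `content-encoding: gzip` the tool reports the file type as "gzip compressed data" and its hashes cover the compressed transfer body, so they will not match a hash of the decoded SVG or script.

```python
import re

# Constructed sample: three entries condensed from the capture on this page.
SAMPLE = """\
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif | 188.114.96.1 | | 5.0 kB |
Hash3c7a3851260b12a9627faa9016f3ce1f 9df4442c906d9741c13ef21ed9eefb5f99d044c5 8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
Referer: https://1wwgth.life/
HTTP/2 200 OK
content-type: image/avif
server: cloudflare
|
| 1win-cdn.com/js/55799.274042d04.js | 154.197.121.128 | 200 OK | 9.4 kB |
File typegzip compressed data, from Unix Hash0c859510e1b13120484e24151b764703 7d74cf6b6758c17b1a9e0881b2d7956dfdf7413d 181f4802bf8825389e663dbc2556f8f3ea3f52fe69235366734f3d3167e5cefc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/55799.274042d04.js HTTP/1.1
Host: 1win-cdn.com
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=315360000
content-encoding: gzip
server: cloudflare
|
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.156 | | 3.9 kB |
File typePNG image data, 124 x 48, 8-bit colormap, non-interlaced Hash3219393f1efd01cf2db20820dff57cf2 ebdbcf916084a0d5a70680021d269680e9f41d41 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
HTTP/2 200 OK
content-type: image/png
etag: "3219393f1efd01cf2db20820dff57cf2"
server: AmazonS3
|
"""

SUMMARY_RE = re.compile(r"^\| (?P<url>\S+) \| (?P<ip>[\d.]+) \|(?P<status>[^|]*)\|(?P<size>[^|]*)\|$")
HASH_RE = re.compile(r"Hash([0-9a-f]{32}) ([0-9a-f]{40}) ([0-9a-f]{64})")  # MD5, SHA-1, SHA-256 by length
VERDICT_RE = re.compile(r"^Analyzer \| Verdict \| Alert \| (.+?) \| (.+?) \| (.+?) \|$")
REQUEST_RE = re.compile(r"^(GET|POST|HEAD|OPTIONS) (\S+) HTTP/1\.1$")
RESPONSE_RE = re.compile(r"^HTTP/(?:2|1\.1) (\d{3})")


def parse_capture(text):
    """Split the rendered report into entries: summary row, metadata, request and response headers."""
    entries, cur, section = [], None, None
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:  # a new "| url | ip | status | size |" row starts an entry
            cur = {**m.groupdict(), "req": {}, "resp": {}, "resp_status": None,
                   "verdict": None, "md5": None, "sha1": None, "sha256": None, "path": None}
            cur["status"], cur["size"] = cur["status"].strip(), cur["size"].strip()
            entries.append(cur)
            section = "meta"
            continue
        if cur is None or line.strip() == "|":
            continue
        if section == "meta":  # fused label/value lines until the request line
            h = HASH_RE.search(line)
            if h:
                cur["md5"], cur["sha1"], cur["sha256"] = h.groups()
            v = VERDICT_RE.match(line)
            if v:
                cur["verdict"] = dict(zip(("analyzer", "verdict", "alert"), v.groups()))
            r = REQUEST_RE.match(line)
            if r:
                cur["path"] = r.group(2)
                section = "req"
            continue
        s = RESPONSE_RE.match(line)
        if section == "req" and s:
            cur["resp_status"] = int(s.group(1))
            section = "resp"
            continue
        name, sep, value = line.partition(":")
        if sep:  # header line; names lowercased so HTTP/1.1 and HTTP/2 casing compare equal
            cur[section][name.strip().lower()] = value.strip()
    return entries


def host_of(entry):
    return entry["req"].get("host", entry["url"].split("/", 1)[0])


def findings(entries):
    """Observations worth a line in a triage note, as (host, tag) pairs."""
    out = []
    for e in entries:
        host, path, resp = host_of(e), e["path"] or "", e["resp"]
        # Assumption: "/unsafe/" is imgproxy's prefix for unsigned processing URLs, so the
        # source URL after "/plain/" is caller-controlled; a follow-up check is whether the
        # deployment limits allowed source hosts. The page does not show that either way.
        if path.startswith("/unsafe/") and "/plain/http" in path:
            out.append((host, "imgproxy_unsafe_url"))
        # Caveat: the tool hashed the gzip transfer body, not the decoded content.
        if resp.get("content-encoding") == "gzip" and e["md5"]:
            out.append((host, "hashes_cover_gzip_body"))
        ma = re.search(r"max-age=(\d+)", resp.get("cache-control", ""))
        if ma and int(ma.group(1)) >= 365 * 86400 and "javascript" in resp.get("content-type", ""):
            out.append((host, "long_lived_cached_script"))
        # Assumption: S3 returns the object's MD5 as the ETag for single-part uploads.
        if resp.get("server") == "AmazonS3" and resp.get("etag", "").strip('"') == e["md5"]:
            out.append((host, "s3_etag_matches_md5"))
        if e["verdict"] and e["verdict"]["verdict"] == "malicious":
            out.append((host, f"{e['verdict']['analyzer']}:{e['verdict']['alert']}"))
    return out


def sinkholed_hosts(entries):
    """Hosts the DNS analyzer marked malicious, deduplicated for blocklist or IOC export."""
    return sorted({host_of(e) for e in entries if e["verdict"] and e["verdict"]["verdict"] == "malicious"})


if __name__ == "__main__":
    parsed = parse_capture(SAMPLE)
    for host, tag in findings(parsed):
        print(f"{host:32s} {tag}")
    print("sinkholed:", ", ".join(sinkholed_hosts(parsed)))
```

To run it over the whole page, paste the report text into `SAMPLE` (or read it from a file); the summary-row regex is the only thing tied to the tool's rendering, so it is the first place to adjust if the layout changes.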
|
| 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg | 154.197.121.128 | 200 OK | 6.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 44c35582580c6d79d49d4e12b597bf9c / 15bdf903a9d09555d404fe5de901dae1a382fb0b / 322b017a676287fc62f69beaae399ae025f79e9d93ece75b6fb10ed6474ad98a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/max%20win%20gaming.00fa88483.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-2fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4187e3e712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onetouch.b026a50c5.svg | 154.197.121.128 | | 12 kB |
URL: 1win-cdn.com/img/onetouch.b026a50c5.svg
IP: 154.197.121.128:0; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 3839c99841d0d85d47fdddec2c6dca49 / aca4dc04fe85ee288f2a263cbcd3926599542c05 / 31015d68841c843d63922606c17dcf594f5350d4d4eafda208ddfe28a5df2e9f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4189e6f712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif | 188.114.96.1 | | 5.0 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif
IP: 188.114.96.1:0
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5 / SHA-1 / SHA-256): 4ed163b7295ee97d380351dd868d4216 / 6987db5ad9f1b684e98e657aacb7dd38706e6a34 / f612299c5c7d80db2a40298d6efbcce5aa740cbf02b0bfad807a91a60a11f606
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/avif
content-length: 4967
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGRmMGJkLTRkZmFlIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: hbaU3tzNOANOezL0ltdBg
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1usc3zAUKxjSYPUwK2BnBP0SaDb%2F1AvjV6F7SeTPsIVnJN3U%2BF8u0vLsiS8wXP4%2Fne5e8El3LgrgDk6RYljg7J91BkRtJD9c3EiBPIfxcsUcyCIvaubVGTKx6gQfRLwoQFIvkGuLkUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41d8de9b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/yggdrasil.a6bc350dc.svg | 154.197.121.128 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/yggdrasil.a6bc350dc.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): f568a7191ebeb44c9911a98f53d37d3e / 68490ecb66bf8c837f48da117a4a5118d1caa1da / a7060d71a8d27dde852ea5d6bef0664a068849b02a60348349e8c67b009ff4b8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2711
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419f8ca712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif | 188.114.96.1 | 200 OK | 4.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5 / SHA-1 / SHA-256): 4e85a0bde3faf39a0eb79d1afbf94a3c / bfda6edfa14599e73e5a8096ae707b7355fb9d2f / fea08e33454d5f3e26915f9862ba5acc30108166648fa38500e19f7cb1324473
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/avif
content-length: 4683
cache-control: public, max-age=31536000
content-disposition: inline; filename="6f680e79-feec-4211-9534-21a166c91202.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YzM2MzcyLTFhNTFhIg"
expires: Mon, 22 Apr 2024 10:47:35 GMT
x-request-id: Wl4iSFCKcUeoYO-SAogvI
cf-cache-status: HIT
age: 265764
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e7KCmNK667ImafdZ1eGU1wd16B3lr8Q7Olw46mpPSUi5OJr8GLnH9Ao8bn4MMGNAzgwLoJcZtEXUhh9EF%2FR0xCqbJjU9n4zJGyQW5xq3rIbbbIdH0XaQkiU2zD7EExWvghIjWO7Rcnk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41d8dedb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif | 188.114.96.1 | 200 OK | 8.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5 / SHA-1 / SHA-256): 4690a4b61d201902c45336db8106dff9 / 939591a5793aa03ab3071614e332b2b9d25e4c27 / 26f706b40a0dfebff8f896074f248c0dd60d2ce1372c3d23bf8bc14c862fe976
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/avif
content-length: 8152
cache-control: public, max-age=31536000
content-disposition: inline; filename="cf957920-b419-48fc-9770-c04187b3098d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY5ODg1LTFmOWIzIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: 9wNFwtaW282-b_zyivNe8
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4mhdrwqTI349DWUnFMGiysloKtXwXgVFtUPNwps%2B5sDwyjWuQtPmo8Bxj5kmYtDXLutw1JBq0Iz5MZVZRf%2F%2BdmiMgm2CMAMFAyYUtXaXq056ithdgnkPnFp1FwoXbPXsWPbrHR1vf8o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41d8df4b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg | 154.197.121.128 | | 11 kB |
URL: 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg
IP: 154.197.121.128:0; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 9a5131c0923aabda0f916694916c5e36 / f740cfe310556a19087277f9757df25ed42c52f4 / 66d4eecac4ff3868711c85206f27c0de4f4fca9f669c59948c5ab4905f417717
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/mancala%20gaming.441ae5f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-c90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4187e3a712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/ru.svg | 154.197.121.128 | | 8.4 kB |
URL: 1win-cdn.com/img/flags/ru.svg
IP: 154.197.121.128:0; ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 8922ec1dec082678d489a47f95b50260 / 21d7557ee02955f260be19c448216ace2bcc814c / 8c837b322250c17d2c5f5f987ac2f3093a602f4d92e3816532e076eef223015e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/flags/ru.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-110"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6890
expires: Thu, 18 Apr 2024 16:36:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41cdd71712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/oryx.ddc50c514.svg | 154.197.121.128 | 200 OK | 8.6 kB |
URL: 1win-cdn.com/img/oryx.ddc50c514.svg (GET HTTP/2)
IP: 154.197.121.128:443, ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): d08fef7a33e4d126673d6bc61a421992 d901513a802b302f8f235c45b71f43faae523e09 9fc1eb125693c06e7e0d6d4e71c042cb956ea472b499a4f74a598fc2be211a9a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b418ae7e712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/goldenrace.4bb50c89d.svg | 154.197.121.128 | 200 OK | 7.4 kB |
URL: 1win-cdn.com/img/goldenrace.4bb50c89d.svg (GET HTTP/2)
IP: 154.197.121.128:443, ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): af8b03041300b759928dbe8f8940e8fb c97c55edd31c4aeb210c6be3f9e581b3324d737f 0d04c2ddd4ae9464f5576c575be6383f3cb3562b3270388235d9bf0d33fbe7c0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/goldenrace.4bb50c89d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-88a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181db1712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/pg%20soft.fdb9d6567.svg | 154.197.121.128 | 200 OK | 10 kB |
URL: 1win-cdn.com/img/pg%20soft.fdb9d6567.svg (GET HTTP/2)
IP: 154.197.121.128:443, ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 925fb71b4aff2b1abd3e822987606721 a1996e65f0bd65c467749ab858a6b08b53d0ecfa 648b001e28028097ddd03fc049374d7140cb2893b2eeabb050509f40956bfca1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2711
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b418ae82712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| eu.i.posthog.com/decide/?v=3&ip=1&_=1713443818718&ver=1.128.0&compression=base64 | 52.57.233.141 | 200 OK | 305 B |
URL: eu.i.posthog.com/decide/?v=3&ip=1&_=1713443818718&ver=1.128.0&compression=base64 (POST HTTP/2)
IP: 52.57.233.141:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Amazon; Subject *.i.posthog.com; Fingerprint 99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67; Validity Mon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): 971a1a79c5d84512fe1a28cf23f70721 992f44d8f01a01f038489456ab818dc38e3d44df 6ad11ee63fd8ccfe6c2e4b0a095bf1d194b9c9c97e62be26fd8b8917c04b3cd3
POST /decide/?v=3&ip=1&_=1713443818718&ver=1.128.0&compression=base64 HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 275
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: application/json
access-control-allow-origin: https://1wwgth.life
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
server: envoy
x-envoy-upstream-service-time: 31
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

| www.googletagmanager.com/td?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=gtm.init_consent&eid=-1&h=Ag&dl=1wwgth.life%2F&tdp=DC-12688802;;1;7;1&rtg=94400803&rlo=22&slo=10&z=0 | 142.250.74.168 | 204 No Content | 0 B |
URL: www.googletagmanager.com/td?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=gtm.init_consent&eid=-1&h=Ag&dl=1wwgth.life%2F&tdp=DC-12688802;;1;7;1&rtg=94400803&rlo=22&slo=10&z=0 (GET HTTP/3)
IP: 142.250.74.168:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /td?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=gtm.init_consent&eid=-1&h=Ag&dl=1wwgth.life%2F&tdp=DC-12688802;;1;7;1&rtg=94400803&rlo=22&slo=10&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 18 Apr 2024 12:36:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=gtm.init&eid=0&h=Ag&z=0 | 142.250.74.168 | 200 OK | 0 B |
URL: www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=gtm.init&eid=0&h=Ag&z=0 (GET HTTP/3)
IP: 142.250.74.168:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=gtm.init&eid=0&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| 1win-cdn.com/img/spinomenal.e0cf93b3a.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: 1win-cdn.com/img/spinomenal.e0cf93b3a.svg (GET HTTP/2)
IP: 154.197.121.128:443, ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 666501a5fe6f02a5c50dd965a4e90e66 6aec950f585a897b4fb432c02260830bf376c91e 8ef80c028c77cc9a98d1b25806b821b8cc58ad11e81000927988958294e6338a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6818
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4162ac4712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=19&h=Ag&z=0 | 142.250.74.168 | 200 OK | 0 B |
URL: www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=19&h=Ag&z=0 (GET HTTP/3)
IP: 142.250.74.168:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=19&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| 1win-cdn.com/img/4theplayer.f89265cdd.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: 1win-cdn.com/img/4theplayer.f89265cdd.svg (GET HTTP/2)
IP: 154.197.121.128:443, ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): b9a92b660ad511dbe5892dec2825a443 8d8276c980310c8b7d3bf63ca3215035355df4f5 03d40c7e838fb28f6e7e2227d9a3af31ca1ec133ddb1439e72b6504ac1b2fefa
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4171c08712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=951017754.1713443820&gtm=45je44f0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=2078387163 | 142.250.74.163 | 200 OK | 42 B |
URL: www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=951017754.1713443820&gtm=45je44f0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=2078387163 (GET HTTP/2)
IP: 142.250.74.163:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google.no; Fingerprint 0E:DD:25:54:7B:C3:7F:EC:27:35:B1:EC:15:C4:B7:D2:09:71:3B:68; Validity Mon, 04 Mar 2024 07:26:33 GMT - Mon, 27 May 2024 07:26:32 GMT
File type: GIF image data, version 89a, 1 x 1
Hash (MD5 / SHA-1 / SHA-256): d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=951017754.1713443820&gtm=45je44f0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=2078387163 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 18 Apr 2024 12:36:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| eu.i.posthog.com/i/v0/e/?ip=1&_=1713443820032&ver=1.128.0&compression=gzip-js | 52.57.233.141 | 200 OK | 15 B |
URL: eu.i.posthog.com/i/v0/e/?ip=1&_=1713443820032&ver=1.128.0&compression=gzip-js (POST HTTP/2)
IP: 52.57.233.141:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Amazon; Subject *.i.posthog.com; Fingerprint 99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67; Validity Mon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): c86a47ac0d792e37182689c73fcbf6ad 8fd92e4671341e79f0a3529ac5e9d59d38db9e78 0c40bafcfdc8adc6db63a6a5bfdb3dd5201798e6163fc674dc2fcbdb2a4134f1
POST /i/v0/e/?ip=1&_=1713443820032&ver=1.128.0&compression=gzip-js HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 963
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:37:00 GMT
content-type: application/json
content-length: 15
vary: origin, access-control-request-method, access-control-request-headers
access-control-allow-origin: https://1wwgth.life
access-control-allow-credentials: true
x-envoy-upstream-service-time: 76
server: envoy
X-Firefox-Spdy: h2

| www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js | 142.250.74.35 | 200 OK | 203 kB |
URL: www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js (GET HTTP/2)
IP: 142.250.74.35:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: JavaScript source, ASCII text, with very long lines (554)
Size: 203 kB (203369 bytes)
Hash (MD5 / SHA-1 / SHA-256): e9ccb3dbde79ba5ffdf9cad4b32d59fd 3a8cd67adc7c885bdf683f1e7f491e6a4a50679f 8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137
GET /recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 203369
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 Apr 2024 02:30:15 GMT
expires: Sun, 13 Apr 2025 02:30:15 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 29 Mar 2024 04:30:36 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 468405
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713443817072&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=951017754.1713443820&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1713443819&sct=1&seg=0&dl=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4414 | 216.239.34.36 | 204 No Content | 0 B |
URL: region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713443817072&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=951017754.1713443820&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1713443819&sct=1&seg=0&dl=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4414 (POST HTTP/2)
IP: 216.239.34.36:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713443817072&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=951017754.1713443820&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1713443819&sct=1&seg=0&dl=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4414 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wwgth.life
date: Thu, 18 Apr 2024 12:37:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=32&u=AgAAAAAIAAAAAIA&h=Ag&z=0 | 142.250.74.168 | 200 OK | 0 B |
URL: www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=32&u=AgAAAAAIAAAAAIA&h=Ag&z=0 (GET HTTP/3)
IP: 142.250.74.168:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=32&u=AgAAAAAIAAAAAIA&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:37:00 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| eu.i.posthog.com/i/v0/e/?ip=1&_=1713443823109&ver=1.128.0&compression=gzip-js | 52.57.233.141 | 200 OK | 15 B |
URL: eu.i.posthog.com/i/v0/e/?ip=1&_=1713443823109&ver=1.128.0&compression=gzip-js (POST HTTP/2)
IP: 52.57.233.141:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Amazon; Subject *.i.posthog.com; Fingerprint 99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67; Validity Mon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): c86a47ac0d792e37182689c73fcbf6ad 8fd92e4671341e79f0a3529ac5e9d59d38db9e78 0c40bafcfdc8adc6db63a6a5bfdb3dd5201798e6163fc674dc2fcbdb2a4134f1
POST /i/v0/e/?ip=1&_=1713443823109&ver=1.128.0&compression=gzip-js HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 754
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:37:03 GMT
content-type: application/json
content-length: 15
vary: origin, access-control-request-method, access-control-request-headers
access-control-allow-origin: https://1wwgth.life
access-control-allow-credentials: true
x-envoy-upstream-service-time: 52
server: envoy
X-Firefox-Spdy: h2

| 1win-cdn.com/js/24644.ff7d12e57.js | 154.197.121.128 | 200 OK | 6.9 kB |
URL: 1win-cdn.com/js/24644.ff7d12e57.js (GET HTTP/2)
IP: 154.197.121.128:443, ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 27e026a89d11d20d608b556505381f51 55deaeb4f98886f59067451fc0f0c7ba0e82be15 5affaff1d4a3d58257736ecff1a785c5f6214545bdda1640dd8f0fe8d4868d2d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/24644.ff7d12e57.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-245"
expires: Sun, 16 Apr 2034 12:36:59 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1233250
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41dfece712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/nolimit%20city.5b7440267.svg | 154.197.121.128 | 200 OK | 8.3 kB |
URL: 1win-cdn.com/img/nolimit%20city.5b7440267.svg (GET HTTP/2)
IP: 154.197.121.128:443, ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 8de5fb7cafe7ad51581e39a873b1eb7b 4c1fea12965948c805645ad5e77400dfc2fcdd18 b879e205f6c59a2ebbd2588859b33a4bcdb987d6d8fbea31a70a98e983ab8fb7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4187e43712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713443817072&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=951017754.1713443820&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1713443819&sct=1&seg=0&dl=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&dt=1win%20-%20Loading&en=registration_form_view&ep.page_url=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&ep.domain=1wwgth.life&tfd=10021 | 216.239.34.36 | 204 No Content | 0 B |
URL: region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713443817072&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=951017754.1713443820&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1713443819&sct=1&seg=0&dl=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&dt=1win%20-%20Loading&en=registration_form_view&ep.page_url=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&ep.domain=1wwgth.life&tfd=10021 (POST HTTP/3)
IP: 216.239.34.36:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&_p=1713443817072&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=951017754.1713443820&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1713443819&sct=1&seg=0&dl=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&dt=1win%20-%20Loading&en=registration_form_view&ep.page_url=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&ep.domain=1wwgth.life&tfd=10021 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1wwgth.life
date: Thu, 18 Apr 2024 12:37:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/silverback.297288e25.svg | 154.197.121.128 | 200 OK | 23 kB |
URL: 1win-cdn.com/img/silverback.297288e25.svg (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix (the body was stored still gzip-encoded, matching the content-encoding: gzip response header, so the hashes below are of the compressed bytes, not of the SVG)
Hash (MD5 SHA1 SHA256): bbf522ee47ca11106311c1f826aa6157 9600141c79840e0a701f65fd699478cb159fc798 0d65b386bec6ba0ce67b786f6d21b5afeb0ab43ce74f3ad54051b45c31bdf054
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:46:03 GMT
etag: W/"6620f9eb-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4196f9f712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
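Every entry in this report has the same layout: a row header, metadata lines (URL, IP and ASN, certificate, file type, a hash triplet, an analyzer verdict) and then the raw request and response headers. The following is an added example, not part of the sandbox report or of any tool it names: a Python parser for that layout that pulls out the fields an analyst uses and flags the points visible in the Google Analytics hit above and in the 1win-cdn.com transaction just above, and in the imgproxy.1win-cdn.com entries further down. The flag names are my own; the hash triplet is recognised as MD5, SHA1 and SHA256 by length, and the empty-input triplet is computed rather than hard-coded. The three sample entries are constructed excerpts copied from this report and trimmed to the lines the parser reads, with the __cf_bm cookie value elided. The `unsafe` check relies on imgproxy's documented URL format, where that literal replaces the URL signature when signing is disabled.

```python
"""Parse the per-transaction entries of this sandbox report and flag what an
analyst checks first. Added example, not part of the report; the field labels
follow the report's own layout, the flag names are mine."""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Hashes of empty input: an entry carrying exactly this triplet captured no response body.
EMPTY_HASHES = tuple(h(b"").hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256))
HASH_RE = re.compile(r"Hash.*?([0-9a-f]{32}) ([0-9a-f]{40}) ([0-9a-f]{64})")
# Accepts the raw flattened table and the 'Analyzer: X | Verdict: Y | Alert: Z' form.
VERDICT_RE = re.compile(
    r"Analyzer \| Verdict \| Alert \| ([^|\n]+?) \| ([^|\n]+?) \| ([^|\n]+?) \|"
    r"|Analyzer: ([^|\n]+?) \| Verdict: ([^|\n]+?) \| Alert: ([^|\n]+)")
REQLINE_RE = re.compile(r"^(GET|POST) (\S+) HTTP/[\d.]+$", re.M)
STATUS_RE = re.compile(r"^HTTP/[\d.]+ (\d{3})", re.M)

def _headers(block):
    """Lower-cased name -> value for the 'Name: value' lines of a header block."""
    out = {}
    for line in block.splitlines():
        name, sep, value = line.partition(":")
        if sep and " " not in name.strip():  # skips request and status lines
            out[name.strip().lower()] = value.strip()
    return out

def parse_entry(text):
    """Parse one entry: metadata lines, raw request headers, raw response headers."""
    req_m = REQLINE_RE.search(text)
    if req_m is None:
        raise ValueError("no request line found")
    status_m = STATUS_RE.search(text, req_m.end())
    req_block = text[req_m.end():status_m.start()] if status_m else text[req_m.end():]
    hashes, verdict = HASH_RE.search(text), VERDICT_RE.search(text)
    analyzer, verdict_str, alert = [g.strip() for g in verdict.groups() if g] if verdict else (None,) * 3
    entry = {
        "method": req_m.group(1), "path": req_m.group(2),
        "status": int(status_m.group(1)) if status_m else None,
        "hashes": hashes.groups() if hashes else None,
        "analyzer": analyzer, "verdict": verdict_str, "alert": alert,
        "request": _headers(req_block),
        "response": _headers(text[status_m.end():]) if status_m else {},
    }
    entry["host"] = entry["request"].get("host")
    entry["flags"] = triage_flags(entry)
    return entry

def triage_flags(entry):
    """Points worth a second look; the flag names are this example's own."""
    req, resp, flags = entry["request"], entry["response"], []
    if entry["hashes"] == EMPTY_HASHES:
        flags.append("empty-body")
    if entry["status"] is None:
        flags.append("no-response")
    if (entry["verdict"] or "").lower() == "malicious":
        flags.append(f"{entry['analyzer']}:{entry['alert']}")
    # Cookie on a cross-site subresource fetch (here Cloudflare's __cf_bm): what SameSite=None permits.
    if "cookie" in req and req.get("sec-fetch-site") == "cross-site":
        flags.append("cookie-sent-cross-site")
    if resp.get("access-control-allow-origin") == "*":
        flags.append("cors-any-origin")
    # imgproxy puts the literal 'unsafe' where the HMAC signature over options and source URL would go.
    if "imgproxy" in (entry["host"] or "") and entry["path"].startswith("/unsafe/"):
        flags.append("imgproxy-unsigned-url")
    return flags

def ga4_event(path):
    """Decode a GA4 /g/collect hit; measurement ID (tid) and client ID (cid)
    are the values to pivot on across an operator's other domains."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(path).query).items()}
    return {"measurement_id": q.get("tid"), "client_id": q.get("cid"),
            "event": q.get("en"), "page": q.get("dl"), "title": q.get("dt"),
            "event_params": {k[3:]: v for k, v in q.items() if k.startswith("ep.")}}

# Constructed excerpts of three entries from this report, trimmed to the lines
# the parser uses; the __cf_bm cookie value is elided.
GA_HIT = """\
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je44f0v894728184z8894400803za200&cid=951017754.1713443820&dl=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&dt=1win%20-%20Loading&en=registration_form_view&ep.page_url=https%3A%2F%2F1wwgth.life%2F%3Fopen%3Dregister&ep.domain=1wwgth.life HTTP/1.1
Host: region1.analytics.google.com
HTTP/3 204 No Content
"""
SVG_HIT = """\
Hashbbf522ee47ca11106311c1f826aa6157 9600141c79840e0a701f65fd699478cb159fc798 0d65b386bec6ba0ce67b786f6d21b5afeb0ab43ce74f3ad54051b45c31bdf054
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
Cookie: __cf_bm=...
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
"""
PROXY_HIT = """\
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
Cookie: __cf_bm=...
Sec-Fetch-Site: cross-site
"""
```

Two things the raw report does not say outright that the parser makes explicit: the triplet d41d8cd9…/da39a3ee…/e3b0c442… is simply MD5, SHA1 and SHA256 of zero bytes, so an entry that carries it (the Google Analytics hit, the 56657.js script, the first imgproxy request) hashed nothing and those values must not be used as indicators; and the measurement ID G-548949LWLW in the collect hit is reusable across whatever other landing domains the same operator runs, which makes it a better pivot than the throwaway hostname 1wwgth.life.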
| 1win-cdn.com/img/habanero.92654c79c.svg | 154.197.121.128 | | 49 kB |
URL: 1win-cdn.com/img/habanero.92654c79c.svg
IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix (the body was stored still gzip-encoded, matching the content-encoding: gzip response header, so the hashes below are of the compressed bytes, not of the SVG)
Hash (MD5 SHA1 SHA256): bd83138bace46637e097016213faceaa 6a25f69c6c82184c819fff44c205d0142dae263e d36869cb6956d3ebfd8ccfa72a587cbdff5049226ff1200fd20e85b886672795
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/habanero.92654c79c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-de9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181db2712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp | 154.197.121.128 | 200 OK | 48 kB |
URL: 1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 SHA1 SHA256): 5495ba7e07dc7a05a6008b8585bca92b f8dadc060dcf17862805f72d7815c9b9b119375e 570d0b7b7b49c540125d6b4636dcd2284e0c18a2c015ea56035b21ae91e400c7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/bonus_hover_1.eb9b2d69a-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:37:16 GMT
content-type: image/webp
content-length: 47816
last-modified: Thu, 18 Apr 2024 11:58:28 GMT
etag: "66210ae4-bac8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 16:37:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b48cac1f712f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/38209.ce0dbb534.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL: 1win-cdn.com/js/38209.ce0dbb534.js (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1359), with no line terminators
Hash (MD5 SHA1 SHA256): 8cac0a300131504f4cdf9de98e24c2bc c76c49c15203750221970fefea15fe0352bb9978 a213d9451b50ae86bd8e75883092b22dedfcdc6ae2e26f5dd9c7de3d8957c16d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b411ebcd712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | 200 OK | 647 B |
URL: 1win-cdn.com/js/57652.297e4ecc2.js (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (667), with no line terminators
Hash (MD5 SHA1 SHA256): 53d580c5f29a2a838b6595fa6ff0f0a3 ab60adb7207a806d271778effe677ed01dc144b0 d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4129cbc712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp | 154.197.121.128 | 200 OK | 720 kB |
URL: 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: RIFF (little-endian) data, Web/P image; Size: 720 kB (719644 bytes)
Hash (MD5 SHA1 SHA256): 344d71695bd0f387fedd84fba6ace2c1 1d37e2d66ab1098072febc0a0dc3769d44090048 7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/webp
content-length: 719644
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-afb1c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2814
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4132e04712f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bf%20games.7559aed26.svg | 154.197.121.128 | 200 OK | 5.0 kB |
URL: 1win-cdn.com/img/bf%20games.7559aed26.svg (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 SHA1 SHA256): b94bb2811096b861bfbf8fbcd4de9149 17418a385bb399e79588ba1f6d3ee661c40197c5 c1f44795037017c6bfdb6b4e563a6c9323468cc8df433cfd871784dcf55472f1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5157
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d85712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/liw.134f23084.svg | 154.197.121.128 | 200 OK | 7.8 kB |
URL: 1win-cdn.com/img/liw.134f23084.svg (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 SHA1 SHA256): 264daa943330a145d35b4c46632ff260 9eb716994914e9640f1a2965a0cef6eeb6c2eba0 f0224d25386512226df690d731c56ff27c141f6c608684d2c3d67fa9e26594de
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/liw.134f23084.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-1e9e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4187e39712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/upgaming.242b9e921.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL: 1win-cdn.com/img/upgaming.242b9e921.svg (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 SHA1 SHA256): aeb4cc1caa82c4f55b3598ea0c7003fd 8c1eec585578ba1c3803b2d6b724d67cb8e3de25 236f3b8b8aad7f6ad5e23aa1eaf555fb7420d9dd6eb1df70e7957b1707554982
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/upgaming.242b9e921.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-129c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419e8a6712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/56657.79f59e0fd.js | 154.197.121.128 | 200 OK | 48 kB |
URL: 1win-cdn.com/js/56657.79f59e0fd.js (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5 SHA1 SHA256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hashes of empty input: no response body was captured for this entry even though the response below is 200 OK, so no file type is reported and these values are not usable as indicators for the script)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/56657.79f59e0fd.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-bd66"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 240637
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4114af3712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91217.fc8dbcaea.js | 154.197.121.128 | 200 OK | 828 B |
URL: 1win-cdn.com/js/91217.fc8dbcaea.js (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (846), with no line terminators
Hash (MD5 SHA1 SHA256): 873b0a1f00b7e367ac6843a8b9e80deb b9333e21da514f326abf81822702b8897c39fb48 647917f9f3afebc3e96f7512bdfa2faf4e3b02948b908fedc205a18a5aa4c76c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b411ebc3712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderspin.2d11ae63d.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL: 1win-cdn.com/img/thunderspin.2d11ae63d.svg (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 SHA1 SHA256): 604f41c295f537f07943cfe15d6f15f2 ab1b0075af6b7a8c6aa80eaa1ffbec9931a09369 9a89dee21e4f99f3d08e324ca4d4c6b1c08f3acc53bbc9027d57757359734198
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/thunderspin.2d11ae63d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-9d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419d881712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@png | 0.0.0.0 | | 0 B |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@png (GET)
IP: 0.0.0.0:0 (no connection was established; this entry records a request but no response)
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5 SHA1 SHA256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hashes of empty input: nothing was received)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif | 188.114.96.1 | 200 OK | 5.6 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif (GET, HTTP/2)
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5 SHA1 SHA256): baf3f199ffdfb682bbcd9d3837e517c0 3803d7a122952937942ab92c0724af229c4f2dfe 2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: 5K4g--Pyiqr6b2Ea_4rTn
cf-cache-status: HIT
age: 13824
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ryjwpjFLHi13HjCF8Q6iAC5v0o1ymRzg7bNdNRtxzmQ1%2BKNoOTYi%2BqYiKIH%2FKw5j6wz2S0XZn4KhtINHpj57MnDtn36p7S5sdXCGd4chHvqlhs%2FzVVF%2FvyLHonXQ9XmQw3sf1psRuTY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4163eb0b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/red%20tiger.157f419e2.svg | 154.197.121.128 | 200 OK | 15 kB |
URL: 1win-cdn.com/img/red%20tiger.157f419e2.svg (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 SHA1 SHA256): f0a8d4ae6c95b6d6b2b0bbbaa62aad9d 9ea188283d324f5c87a802c14ec3386167e7e2a8 4572ee67d26acf1ccb35decf47651e67464a7dc0a438d79c721b9ba739f14d2e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2291
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4191f2a712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp | 154.197.121.128 | 200 OK | 40 kB |
URL: 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 SHA1 SHA256): 14de8fd7c8de24bb9f6f89ddd3c2d480 9635193c712dafa2c58339dee09588880a96a980 633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/webp
content-length: 39614
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: "6620fe2b-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41b0a7f712f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62873.835acdef0.js | 154.197.121.128 | 200 OK | 2.7 kB |
URL: 1win-cdn.com/js/62873.835acdef0.js (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2708), with no line terminators
Hash (MD5 SHA1 SHA256): 396311b0fa4a45217e662bd32d36a408 1143c895776dcca4d26fce42a99745e12a233ebf d52bb607a4213a149e1e268d48987647a8c8a7b0ea4aef8fec89ad847c0ffaa8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/62873.835acdef0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 16 Apr 2024 10:04:48 GMT
etag: W/"661e4d40-a86"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 179417
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b410ca40712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/1290.b71054ef1.js | 154.197.121.128 | 200 OK | 8.4 kB |
URL: 1win-cdn.com/js/1290.b71054ef1.js (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: ASCII text, with very long lines (8693), with no line terminators
Hash (MD5 SHA1 SHA256): aa32cf6a7993d3d7fcba3f78cddb56d7 72e12bd7f82d76938a358c3132e0e1d450e7f0b9 4b8234abd747a38a653603ec1e9e33f6ca9f4d32e58f385c6a2fb3ebe8f1af8b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/1290.b71054ef1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-20fb"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 785079
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b410fa8d712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pragmatic.2e7a96b71.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: 1win-cdn.com/img/pragmatic.2e7a96b71.svg (GET, HTTP/2)
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 SHA1 SHA256): 0318d08339acfa9fb15b1f56bb22b145 caa87d78a9c14af0beeb66733294652e6b1627b8 24fe7388e4f3fc5ddea45e6369a02683ca4ecbe85d5e18c8f67d47a69709cea9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/pragmatic.2e7a96b71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-953"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b418be9e712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif | 188.114.96.1 | 200 OK | 8.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: MD5 2bb5dde390003652a0eb9ebe2ec82506, SHA-1 a380f9976a7e050fb4d5d16645fb739f1c012635, SHA-256 8a7bde50fbfc69782f930b7983c89539fa483d076ec7bfd327cbf615987bed3b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/avif
content-length: 8197
cache-control: public, max-age=31536000
content-disposition: inline; filename="3223fafb-6b1b-46ba-bb4e-d667854eb8e8.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NGIzZjM1LTMwNzIxIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: QMJdvaCksJ0h6mJwC6n0J
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=USQce7DC0dHAO%2Fm8YzSSjmEyIZf0qtTw86QtvRSXRcDLLa3W6JCKmokNAXXX0J0SFjWtHBPU0xOD78kWzt2ghMVbdZEjvN5gzRZxOzcydE3Yhe3ibg0bKrXY5c6tffjyxPw0jCp6cik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41d9e0ab51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 113eb6d7137f5f70e8e824f5487e85bd, SHA-1 3d4d5852693e551b81b3d8106608e11bdb3a5080, SHA-256 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1x2%20multiplayer.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4170bf1712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/caleta.b1dc71f69.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/caleta.b1dc71f69.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 bbba19a0f7e2c3b02a8ca7d7c833eb63, SHA-1 5dd340d9cc4c395174865b155829f3054fb29275, SHA-256 96061a9a0bc3a990d16e91b8c52ca6436dfde7223b3e9741bee8a772f4559ccd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/caleta.b1dc71f69.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-518"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d8c712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/thunderkick.6962312e1.svg | 154.197.121.128 | 200 OK | 841 B |
URL: GET HTTP/2 1win-cdn.com/img/thunderkick.6962312e1.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 ee06089b308c5065a8e92a32b7b38686, SHA-1 2e83ac75ceb109c245525a733cfb3efc97cc42bd, SHA-256 24c651706b7981a60f137cc5b44b8d28dd81116565ffbdaef6687c8b41e4da21
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2291
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419d878712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.google.com/recaptcha/api.js | 142.250.74.164 | 200 OK | 850 B |
URL: GET HTTP/2 www.google.com/recaptcha/api.js
IP: 142.250.74.164:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject www.google.com; Fingerprint CC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06; Validity Mon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT
File type: JavaScript source, ASCII text, with very long lines (850), with no line terminators
Hash: MD5 1613f25e7a73976f440bd3c174bc1dc3, SHA-1 ffa5be6619ae6109c6e412186e0f12b8d8a73cd9, SHA-256 091a7de491da06df67c869b9905c1d028eb2816e68360c0b5b7a4fa8ce590322
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Thu, 18 Apr 2024 12:36:59 GMT
date: Thu, 18 Apr 2024 12:36:59 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| eu.posthog.com/static/array.js | 143.204.55.92 | 200 OK | 130 kB |
URL: GET HTTP/2 eu.posthog.com/static/array.js
IP: 143.204.55.92:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Amazon; Subject eu.posthog.com; Fingerprint CD:80:CA:06:24:DE:05:6B:0F:F1:7A:73:7B:98:D6:12:09:83:32:4F; Validity Wed, 09 Aug 2023 00:00:00 GMT - Sat, 07 Sep 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 130 kB (130123 bytes)
Hash: MD5 6a18ce3762786e57e705f12008f1d0f7, SHA-1 c40c7918cf13aa2c0b6140d93c41b6dba05fd4ea, SHA-256 49199d66052d2114a099bd60a975d2e861bc171c3d3c64b5501bc1ab6c3ff0fb
GET /static/array.js HTTP/1.1
Host: eu.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
last-modified: Thu, 18 Apr 2024 12:18:15 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: eeKP_up314phu0uzukkCd.XIh0UlMxbt
server: AmazonS3
content-encoding: br
date: Thu, 18 Apr 2024 12:36:37 GMT
etag: W/"6a18ce3762786e57e705f12008f1d0f7"
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sf8USrVMViZ3YpqgJCAV73JW3Z1eA6YykX4M4B3ulgQA8nW_PJpPEA==
age: 20
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
| 1win-cdn.com/js/91635.a2db5f817.js | 154.197.121.128 | 200 OK | 748 B |
URL: GET HTTP/2 1win-cdn.com/js/91635.a2db5f817.js
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (766), with no line terminators
Hash: MD5 74c5864ef446bbb00f9e7e1b39eff8f9, SHA-1 04696352def160b6c3536b2b11c4351f02f49780, SHA-256 348cacf24053c417315aaf1dd971cf88c758964beeb37725c7f683b90bb5e7d2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b411ebcb712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/gamomat.593230062.svg | 154.197.121.128 | 200 OK | 643 B |
URL: GET HTTP/2 1win-cdn.com/img/gamomat.593230062.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 bfaa3d42e6ab264b9080e74f867e85de, SHA-1 5026f5b14a42af9eaaf3d09468fa27728287cdae, SHA-256 9911098f481a732b6e8ae3ff8ce922ae03f087eba0d8359f1ad1a23b8a71e630
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181dac712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/smartsoft.d8a4b520d.svg | 154.197.121.128 | 200 OK | 299 kB |
URL: GET HTTP/2 1win-cdn.com/img/smartsoft.d8a4b520d.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Size: 299 kB (298969 bytes)
Hash: MD5 6bec0d360a5db76d67f9da29d3d4d206, SHA-1 614068b8909c0fdf885888290e5c0d62cff35951, SHA-256 df436f88f7f3b8bca45c6f8717853ca32849bb220297851fca614a4d574e6eda
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/smartsoft.d8a4b520d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-48fd9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4196fa7712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/cyberslots.988fdd12e.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/cyberslots.988fdd12e.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 aeeace00abaabb5ae6a47e900873f09b, SHA-1 d6e4385ea3efcfbfba30b6f0a58ea08ec9a11a95, SHA-256 0c1fdd20cf809c07733b67a12eb0f3cdc88a57ebcbb2ba293a717b4b9b3865ab
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d95712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/gamebeat.5649e97f9.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/gamebeat.5649e97f9.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 f47237dc478a7b0d1ed4d2687cc13396, SHA-1 66ce5afa1722b78b22858e1ae057290f36a13c81, SHA-256 af0e90737145635ae2a9807d550dfc2bd2746cbc50f74b828a3aa4c0e9a8ca19
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181da8712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/spearhead.27c37f3dd.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/spearhead.27c37f3dd.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 b7d0037b4b499acbf11a3a7d22d9f7e8, SHA-1 b4a122e841ea28158af2f35adaf0b802713ffda3, SHA-256 aaa2c2f064d9c7709062169ce8ef64c7e6158b89d6700351c1be538cb0bdc0fe
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spearhead.27c37f3dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-4aa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4197fba712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/tvbet.fea6d0222.svg | 154.197.121.128 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/tvbet.fea6d0222.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 daf98e0c0d45cb1db158d09bd07e4959, SHA-1 2c28a0c557fb1cf89267d49d2d5ff2a958f896c9, SHA-256 e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419e8a3712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 443b070227be618d0513c134be5b65f2, SHA-1 cea77f63f79f4a2406af9f75e29078e40c69f9e3, SHA-256 99766510c4cf78a018e87ef969b90f738755e653efa66e1b5f2f9e6ab7d41ed8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/3%20oaks%20gaming.a6d146d58.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-aa2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2711
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4171bff712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 ee4b076249d3d52c42ca2f59e03cae25, SHA-1 d072a4002835fbd0279757a42bed97a398e7adf7, SHA-256 9eeb2fb4664558d20a84cd82fb347d73ef91975eb4a5c5ee274b16f3ebd9c495
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/electric%20elephant%20.dd56c804d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-143b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d9b712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/playbro.9ed310f23.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/playbro.9ed310f23.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 221b773f0eb73aa28f7617e628f7fc2f, SHA-1 67e3b29f4a951351da5183dd7d6e083fbc991322, SHA-256 4ad7ef6a7e11897fa2b2830921fe86a3d878866c81c87d159f90732be0d30e9d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1539
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b418be96712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/quickspin.d9067a98a.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/quickspin.d9067a98a.svg
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 2981087d9047df84f1f173886d7f2353, SHA-1 27ee3db1546e61fb1042fe15065f39266f85bcc8, SHA-256 5dcab82097da033050612cbf50989d6cc9d2fe6823af9c8ea82affdc504e5a3d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2291
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b418eed2712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/icons-pack-casino.fd47961dc.js | 154.197.121.128 | 200 OK | 91 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-casino.fd47961dc.js
IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 caf103b3719cd36e18dd18439deac2fe, SHA-1 b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3, SHA-256 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-casino.fd47961dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-164f9"
expires: Sun, 16 Apr 2034 12:36:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234843
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b416cb8e712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/57460.093f52cba.js | 154.197.121.128 | 200 OK | 438 B |
URL: GET HTTP/2 1win-cdn.com/js/57460.093f52cba.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (460), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 6dec8ed713dfd3300ca7f2907fe2f259 a467664dd1f209c8b7360ae5088144073d4b6272 a359d5ee11e7b5c08922355687a9b639fb2d73f1a259db499e935d49dfba9386
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/57460.093f52cba.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1b6"
expires: Sun, 16 Apr 2034 12:36:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234843
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4173c3b712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/wazdan.1cf2cebcc.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/wazdan.1cf2cebcc.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): f19410782a9e906c5987a9ec3dec0a8e 9df4dc8c8b7defde41a5caea964099dd1c882245 728bdcd00db7137c2e314ddf1f2dbe368b5a66d31ff5ccf0ca8e8ba83e3da5c9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2291
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419f8bc712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/desktop.3d1bcbde1.js | 154.197.121.128 | 200 OK | 137 kB |
URL: GET HTTP/2 1win-cdn.com/js/desktop.3d1bcbde1.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 137 kB (137193 bytes)
Hashes (MD5, SHA-1, SHA-256): ea365c2f3a052dff765c477b90cd42fb 614713026b9faaa85f6d8951e5373511dc749ec0 3b860f1c58b824ef2130e65580b91c6b435fa77ff60a1dfa94be836ece24303c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.3d1bcbde1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 11:58:28 GMT
etag: W/"66210ae4-217e9"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1538
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40d6d10712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1wwgth.life/firebase/8.1.1/firebase-messaging.js | 190.115.24.78 | 200 OK | 41 kB |
URL: GET HTTP/2 1wwgth.life/firebase/8.1.1/firebase-messaging.js
IP: 190.115.24.78:443
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Let's Encrypt; subject 1wwgth.life; fingerprint D0:50:3A:00:D7:C4:5B:CE:E5:04:7E:BE:38:07:17:52:38:8F:81:9A; validity Tue, 02 Apr 2024 18:53:39 GMT - Mon, 01 Jul 2024 18:53:38 GMT
File type: JavaScript source, ASCII text, with very long lines (40719)
Hashes (MD5, SHA-1, SHA-256): 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wwgth.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/?open=register
Cookie: __ddg1_=y6gkMzcXQM0UoOIjd2ab; visit_domain=1wwgth.life; core-sticky=http://10.233.84.150:80; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef135-c4bd-7423-824a-d3c5b6e8f2d6%22%2C%22%24sesid%22%3A%5B1713443817103%2C%22018ef135-c4cb-741e-9353-b20d7d8c092c%22%2C1713443816651%5D%7D; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJhNTk1ODZlNC04Mjc0LTRiZjItYjBjZS0wNTE0MDBmMTUxOGQlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEzNDQzODE2Nzc3JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMzQ0MzgxNjgxNyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Wed, 17 Apr 2024 02:31:33 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 122724
content-length: 10915
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

| 1win-cdn.com/img/lucky-jet.f927485da.svg | 154.197.121.128 | 200 OK | 4.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/lucky-jet.f927485da.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 46387a9ff4a17ec246107df243120bfb f662dcb3e5629d8b9dcd169f73e31f95309bda40 b3cffaeaa51fa3689ab70d930776d565a90ab7caaaace2f1cac5f67cfc13205f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6820
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4125c5a712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/netent.95417a961.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/netent.95417a961.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 24c2a93da817e20deb8796b20655510d e0e0acc2a55fd9623907272dac8f96c8f30360c6 01707112895fbab90532a0afbe23c9ec0402c8f73656fb87e74eca54550a5bcf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4187e40712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/zillion.c0e3dd6f0.svg | 154.197.121.128 | 200 OK | 684 B |
URL: GET HTTP/2 1win-cdn.com/img/zillion.c0e3dd6f0.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): d9e09ca4e933fc8dabb60c1335cb7cd6 37b3bb2ea200f88ae0f7c681547dfba6fcce1449 fb15bc779be9be33fbb41082ce8c6defe5cbeb6273b2a3cf620e40ef4416c177
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1539
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419f8d6712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@png
IP: 0.0.0.0:0
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5, SHA-1, SHA-256; these are the digests of empty input, i.e. no response body was captured): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

| 1win-cdn.com/js/39061.b6ef077a8.js | 154.197.121.128 | 200 OK | 92 kB |
URL: GET HTTP/2 1win-cdn.com/js/39061.b6ef077a8.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5, SHA-1, SHA-256; these are the digests of empty input, so the captured body was empty despite the reported size): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/39061.b6ef077a8.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-16929"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 248790
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b410da67712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/7mojos%20live.cb6749a25.svg | 154.197.121.128 | 200 OK | 6.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/7mojos%20live.cb6749a25.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 63dcbe9ebaa3f238a8c0152142b06a03 cac36df8800a2f72b9b51f9eeffd74e82be4ae7e c22e31035811334913ddbd32cfc1881c38c08fdd4d4b4c1c5362ecb6ee23a316
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20live.cb6749a25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-19ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4175c60712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/cool%20games.019d15340.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/cool%20games.019d15340.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): c3efa9849696becabebca718837f0827 96c9a9ae1bcc9e9b7ca05f52c14a1dc0cd986653 ee6d141e322862aa269184cbe47e86f7e8882b13966a905121857502eaa1a8fa
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/cool%20games.019d15340.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-e13"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d8f712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/turbo%20games.0a45ae56b.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/turbo%20games.0a45ae56b.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): a3d3ed5aaed2f3fd7a089aa6b6e00aea d366f4c84c203fd116575a62676b89bcd97c5816 8c7289cbe7f24989aef5f3b52bf00d1178c03b134a718bdbf54d7ffa7d8426ed
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/turbo%20games.0a45ae56b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-416"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419e89a712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | 188.114.96.1 | 200 OK | 7.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5, SHA-1, SHA-256): 6a86c5bb3ff2902051c8a5b9212df604 4c871b9b1b0da3cb252977e3177d302cad6230fd 131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
expires: Mon, 22 Apr 2024 09:31:24 GMT
x-request-id: wdVogJG6lGKG5dXt_-vLW
cf-cache-status: HIT
age: 270334
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w8pCgA7FYK2LO%2FgvPskS299nT55km6m48vTrIC8HC00zC2p78fh4jLTT98TqQr8I4YCkXRJDLGGlzZAHKtt5UwcSc%2FSwHn2WViJKTQ85PdMEtZRNBJOtLqDRhvj2W23MOIPWYbyQ7QE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41a5fc2b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/bonus_hover_1.a84694805-1979.png | 0.0.0.0 | | 0 B |
URL: GET 1win-cdn.com/img/bonus_hover_1.a84694805-1979.png
IP: 0.0.0.0:0
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5, SHA-1, SHA-256; these are the digests of empty input, i.e. no response body was captured): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bonus_hover_1.a84694805-1979.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

| 1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png | 154.197.121.128 | 200 OK | 16 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 2018c59c5dccfaec96873d1ce9a60276 46ad94df758fdb9f0a257d99fcf52314cf5df926 b57379b1cd70db0d460ce31140e81eb78d3347ad6f7dd2cf9fe1c624d5e65439
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 15901
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17269
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-4375"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
age: 2290
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4132e05712f-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/evoplay.cfa676ca9.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/evoplay.cfa676ca9.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 7b4d8b1998ceae4f1e4defe0e5b322a9 b60d4fa2033a28349d7920647907368835ab514d ba06d2a9476e9302fb1576b656f6c522ada52d31d30e9461649e874207ca18bb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180da0712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/kalamba.6e06f7faa.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/kalamba.6e06f7faa.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 7c40c808f85699562366c94d8075727c daba803ead149eec52b19b82e57afa940922e3c1 8b130bc8c17d44e469cdaabdb68bf8bd4fd819a3763227a6c5601b28a637b8d1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/kalamba.6e06f7faa.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-a9c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4187e36712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/playson.2ff1c7d85.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/playson.2ff1c7d85.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 241ae7d1512148f38162202a1838bcf7 7937917d26b57052c052b0cce94f5d1697c8caa7 a6bbee3377db6138a13bd0bd2bc21f778d1f5744a38653efe4acb48d8078367e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b418be98712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/58183.7ca670498.js | 154.197.121.128 | 200 OK | 88 kB |
URL: GET HTTP/2 1win-cdn.com/js/58183.7ca670498.js
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hashes: MD5 29c3cb0dbfa599b34f0f87ddfcdb41d3, SHA-1 3a0203c8ebcfe397ec82c2302603badc95ee5d2f, SHA-256 8e534ae1b4258d7bf332bdf3abb158404804bb1ce1277271346e3336fd2b6a98
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /js/58183.7ca670498.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-15645"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234846
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b410da55712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/90206.e6b56ddaa.js | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/js/90206.e6b56ddaa.js
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /js/90206.e6b56ddaa.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-2d08"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 248790
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b410ea74712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 ee7f334d83ac78ee94aa7cb499a7d252, SHA-1 acaf3f1ec2dd643c920f036bceed9922c4398d9a, SHA-256 eef20c5785f1ea1445bc5d54982011d999ae577a2d354eb7035465336ad1555b
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4175c63712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/relax.1a68769f8.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/relax.1a68769f8.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 d29d9c49a3e8be4842246e8b658651b1, SHA-1 71129bcf41f71edffe3fb4db0b4ff2faf37bd536, SHA-256 67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2291
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4194f69712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif | 188.114.96.1 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes: MD5 a301711d2f250aac2cf9a7b842d5639e, SHA-1 f64334b263231df3e7505d31d155e4277e8337db, SHA-256 c44c30f8bb76dda1f98ed40d6aa5eb9e0b906618ba0ef88033c315b926d51668
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmQ1ZTBlLTRmM2ViIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: IBHqLuZM_TiUsggrj8i_P
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2BaDh46Ld1LIbnZ3moSKoGa39XkxQUV9BT0s1NwKtp86UKSmnkgz%2B5I55DDkSPwEGd32fX1SdjHU2nERNzTMwIjrR0oU8QeTuxBqq3NqHiyurbwlfqgsWSZOxlcMU2uGK0UtgUaA8ik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41a5fb2b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/js/58258.98332d90c.js | 154.197.121.128 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1win-cdn.com/js/58258.98332d90c.js
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2724), with no line terminators
Hashes: MD5 8692e36ae40202509fcf29c9029676f1, SHA-1 7709e6929dc63ac467d0bd948268795fbec2181b, SHA-256 b1ec5aac00e643db59f10336f15e83163d7840bcb12bf70938dea4ab61993b26
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /js/58258.98332d90c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-a8c"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412ace2712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/reelplay.06dc7f4c0.svg | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/reelplay.06dc7f4c0.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 b322085b94eec118c20d5acba9ea8465, SHA-1 616f9440231bd629e6d2b6aea1d1baac51386151, SHA-256 542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:46:03 GMT
etag: W/"6620f9eb-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4193f5c712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/worldmatch.9f3d40aa7.svg | 154.197.121.128 | 200 OK | 522 B |
URL: GET HTTP/2 1win-cdn.com/img/worldmatch.9f3d40aa7.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 c3aab966ecda4dadceb7b556b4205478, SHA-1 e8e501768b244593d7e5a59b6a7cf77e3b0d4581, SHA-256 ba1ec219d7a5dafe4c7ce5aa35171278f90b26d55c3ce4b1fd2474ce69487bf1
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5157
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419f8c3712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=gtm.init_consent&eid=-1&h=Ag&dl=1wwgth.life%2F&tdp=DC-12688802;;1;7;1&rtg=94400803&rlo=22&slo=10&z=0 | 142.250.74.168 | 200 OK | 0 B |
URL: GET HTTP/3 www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=gtm.init_consent&eid=-1&h=Ag&dl=1wwgth.life%2F&tdp=DC-12688802;;1;7;1&rtg=94400803&rlo=22&slo=10&z=0
IP: 142.250.74.168:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject *.google-analytics.com, Fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D, Validity Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=gtm.init_consent&eid=-1&h=Ag&dl=1wwgth.life%2F&tdp=DC-12688802;;1;7;1&rtg=94400803&rlo=22&slo=10&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| 1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 | 154.197.121.128 | 200 OK | 17 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 16852, version 1.0
Hashes: MD5 c4f31a30bdf4dbced79fb75fc03111cf, SHA-1 14765799051deb933539e19f1ffa26198cabd4c1, SHA-256 cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Fri, 12 Apr 2024 17:31:46 GMT
etag: "66197002-41d4"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=uFYD4imbZbJonkHwKlG7BBBOQkAyxby.kYuE3yQvZT4-1713443817-1.0.1.1-GSJXKcjJ8DPzYnoJ6zsyb4UUZba.wtDBSfm0gIQGGWZFk104NTTAmoxi3OSs5UyUcBrNwBiqV.1sYYRmCr75Lw; path=/; expires=Thu, 18-Apr-24 13:06:57 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4131e8e712e-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/js/78449.1776bac9f.js | 154.197.121.128 | 200 OK | 786 B |
URL: GET HTTP/2 1win-cdn.com/js/78449.1776bac9f.js
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (804), with no line terminators
Hashes: MD5 3997e692861614602ae0ad581192673b, SHA-1 274ba9d8795299558fc25f0bdceb6997a27b8a4d, SHA-256 70920957cad5b0eb4747ccfa5e2cbde79c7f88bd7e3077e5715924c1c4368716
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /js/78449.1776bac9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-312"
expires: Sun, 16 Apr 2034 12:36:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234843
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d6d712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/boldplay.70a46bd71.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/boldplay.70a46bd71.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 b9145dace81bbcbef7d60609e72c9c63, SHA-1 c182aef9dae96fe22563e38cf8ad0bd5cfb9f588, SHA-256 8efe8d59068c4a443da7fca222bf01d3a94a01db7c7ace4463c434ff0aa93235
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d88712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/elbet.701d0b0cd.svg | 154.197.121.128 | 200 OK | 11 kB |
URL: GET HTTP/2 1win-cdn.com/img/elbet.701d0b0cd.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 bd34c45017a4b3fe3d0813abbe16f113, SHA-1 2177a96200b95aa21ece71bfcbeadd200904c279, SHA-256 2ac83316161088868fcb56ac9812110d94b73567efab5e25b7387089d1ba7624
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d9a712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/gameart.7beff0d18.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/gameart.7beff0d18.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 0316280cc350cb02b448e29142cbc493, SHA-1 16182a01de1fe9f3918bdfff51002844776c1b08, SHA-256 be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:46:03 GMT
etag: W/"6620f9eb-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181da7712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/igrosoft.69f8e3ca4.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/igrosoft.69f8e3ca4.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 c193a82075a3318b6b01f6652548e025, SHA-1 008409af9a242969c8c0205fc8052d17b61410b3, SHA-256 71151a1f7c348dc26ab089351320dfd6cf0ccfe3c0019c475e0917c0f9b353f8
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/igrosoft.69f8e3ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-500"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2291
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4186e34712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/leap.f4cfad944.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/leap.f4cfad944.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 9129fc106fce1317a16bb3acbd708de8, SHA-1 64dead6ad9646ce68218ae82cf9d369811d3b88d, SHA-256 993824f1fe4aa4c5c4132998d9b0a11fb719a92494f86e32d015a980473a59af
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/leap.f4cfad944.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4187e37712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/truelab.ec113fba7.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/truelab.ec113fba7.svg
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 edd84be1aaadcb0b503864bea380f168, SHA-1 af4583fc1079d7d5e07cc6ca22b56f9eeaab7418, SHA-256 d73eced8792c2507b075c7a7a313f1e228700fda1108d4ab44d707b36b241e06
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /img/truelab.ec113fba7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-7b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2291
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b419d889712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/42672.1d05742a3.js | 154.197.121.128 | 200 OK | 884 B |
URL: GET HTTP/2 1win-cdn.com/js/42672.1d05742a3.js
IP: 154.197.121.128:443, ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC, Subject 1win-cdn.com, Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64, Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (910), with no line terminators
Hashes: MD5 84e9ef241ba6d064f080cf809baa8f8b, SHA-1 aa88381b3389d9ac5129099cac848b9068c5841f, SHA-256 0ee1a9bf53639249a9ff2b09acb4903f1bd7d4318e25612c0c88b1389af9125f
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /js/42672.1d05742a3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-374"
expires: Sun, 16 Apr 2034 12:36:59 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1233250
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41dfed4712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/49274.4c19402d2.js | 154.197.121.128 | 200 OK | 4.7 kB |
URL: GET HTTP/2 1win-cdn.com/js/49274.4c19402d2.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (4858), with no line terminators
Hash: MD5 7462fa6cdc8857fa29ff834330aaa2c5; SHA-1 41127c3c4ab12c3a0d82ea05464235166f812264; SHA-256 b5d9424857cecde749df2d30a93b8c4ed272ad4baa5cb4fa456d0a1d55abbe95
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/49274.4c19402d2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-125b"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 248790
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b410ea7b712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/ufc.0ef6261ee.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/ufc.0ef6261ee.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 5e1d7cc60040fd95a490ccc47b6d1e2a; SHA-1 7a5e6176ec8156ab9cdbbe382e92390f05bb388b; SHA-256 f993e31c54b287c1ba4d046fb9e9fee3959cbf3a3608c7e8da6cfb4daa1ec083
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ufc.0ef6261ee.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-527"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 85
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41589c5712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/itf.9b1402c42.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/itf.9b1402c42.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 27cca74bc2226d97c21e7f62ff3d1865; SHA-1 737970ba7c15660eb385cd530793056ea1106019; SHA-256 c1ee5d4712434ef1e4d165c360d4931abdf99d8e8fc81bfa8d64ca8cf8f9fe64
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/itf.9b1402c42.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-af0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 949
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41589ce712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/88971.a170f9f22.js | 154.197.121.128 | 200 OK | 529 B |
URL: GET HTTP/2 1win-cdn.com/js/88971.a170f9f22.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (547), with no line terminators
Hash: MD5 747fc30343cbabbbcd8246b2a4598ccc; SHA-1 9bf22fb112b065a447c3dc013d3e513f7814566d; SHA-256 7970a6d096e6162d9b534b3160178c89ea5aa9c041f6adf5294be76148e09780
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/88971.a170f9f22.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-211"
expires: Sun, 16 Apr 2034 12:36:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234845
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b416dbb9712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/endorphina.20b721ba6.svg | 154.197.121.128 | 200 OK | 7.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/endorphina.20b721ba6.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 a89aae2f962bcb01ecb8e3ddd113b797; SHA-1 706e09d5fa8312ec4cd3c7ca606ad19edca158d9; SHA-256 3a3f4f70b1c092a12634c8a8fbf3409fa001ee6d9a1eed7f0a3a5cfe5866dd6a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6736
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d9d712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif | 188.114.96.1 | 200 OK | 8.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif; IP 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: MD5 7e8efe46dde9cda3cd4a173d23aa609e; SHA-1 e285ec6cabd58a1f137a323c2795da808c5c65e8; SHA-256 3256461de8e961771cf7d1d55f8a438667b73a8363f69c460026643981a2c1cb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/avif
content-length: 8148
cache-control: public, max-age=31536000
content-disposition: inline; filename="e5e6ff35-98dc-4923-abf3-6f2fe59515fe.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZTM1M2QzLTJjM2QyIg"
expires: Mon, 22 Apr 2024 10:08:54 GMT
x-request-id: agK_DcwTt9HNC0n9ThMdZ
cf-cache-status: HIT
age: 268084
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v769cKSYLRCIu4ctnqBUKrcDiRAxrqCdf27f3hLriQl1zU2xV%2FA9HybRkHFE2ecPBE27cRU6170Krqc4mMCXVq6usGeDXKvQCR5ta2hPD4gVtoIVZO21tj77HS6KCCYey8%2FmUyHFDhk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41a6feab51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | 200 OK | 637 B |
URL: GET HTTP/2 1win-cdn.com/js/90511.4bc374431.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (655), with no line terminators
Hash: MD5 a148eff943a30bc50c489b0cf73349ca; SHA-1 757f5c140878aca4fd1e3c8936e54f6abe59f95f; SHA-256 ce9597252bbb61b1a89d84ac59a501e64985510009e7521964cdbf9933e32c09
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234664
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412accc712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp | 154.197.121.128 | 200 OK | 361 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 361 kB (360930 bytes)
Hash: MD5 3da44652926631bc4fc847cfcbad6c71; SHA-1 a5f7955272162e543d5db897e200d00d3af22b22; SHA-256 354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/webp
content-length: 360930
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-581e2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2814
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4133e0e712f-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/fugaso.1a40d61ad.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/fugaso.1a40d61ad.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 fbe83afa72fe7a858d1fcd467a7e3acb; SHA-1 5dc85aabeac449d7287662a7b6ffe2936e447b84; SHA-256 21f646343e711bc51884ff1699ff6dc11de867dd10a58fee0ad946c197d46cc0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181da5712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@png; IP 0.0.0.0:0
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif | 188.114.96.1 | 200 OK | 9.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif; IP 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: MD5 19ea6dc62a4b1d3b87a9940660698dd1; SHA-1 8c3052c6f52d60b40824437d282619e91034db7a; SHA-256 37fdf454398cc9c71d94e939cd12dc958e9380d776cc895395d52fca7ff78308
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/avif
content-length: 9300
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTJlYmFlLTMwYjZmIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: DSnRSuGxNXWGRKbRyfGob
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FADgEsagbq84dSIUMYDl4DxP%2FauZXaX7KsnrPzywFo%2BgyX27HRn9Tcto%2F4Zxczee8pyv8j7NwXDIwqCqHN2LCLcDcm1FxEwJhFVpawpm3XZpk9NpCnjjwkwMReHtENrPkISvOb7fER0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41a5fb3b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif | 188.114.96.1 | 200 OK | 8.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif; IP 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: MD5 9867f5ddac7eff5f2fd88dfdec8fd493; SHA-1 6ea9a242437fe23c61e09a00030ae3eee78d3cd1; SHA-256 2a35868035bda3ac30307b7226b56456bb7bab2d244b808e07d3384cd18ba1e1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/avif
content-length: 8337
cache-control: public, max-age=31536000
content-disposition: inline; filename="fbcbd07e-2fbd-4b00-9edd-96eaae801b22.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZTFkNjFmLTdjN2M4Ig"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: 5VTNJ9Z4o3ig4Jxp6vwoI
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qkQQzWlZq9JGQJZuEi%2Bgt0I515a22%2BmBD4UV32w%2FSF3aoPgonmJOrNCuc2OXQKQJTYv3UGIlFsW44m4GIEsoJEKctEP1ntExeN4WWzbm5kvUlPX4%2BcvflhDG1hhkYIlOygLZJWmuS7Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41a8831b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/js/86359.48c462178.js | 154.197.121.128 | 200 OK | 634 B |
URL: GET HTTP/2 1win-cdn.com/js/86359.48c462178.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (654), with no line terminators
Hash: MD5 33a83c5ac34b557d3037a52c8dead1fe; SHA-1 6bd3202d3720d8c86a84a63f1975b5d53d044ef9; SHA-256 7eb34e53490cdfe14b7d40ae44b2bf4e92d10e204114c1bf5352f6a66c587b8b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b411fbda712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/1win-normal.34748aac6.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1win-normal.34748aac6.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 6a657a7851fa92f791304f1cdb123e9a; SHA-1 ae2def67a366ffe67578bf82e3c47b4f1966e784; SHA-256 8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6889
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4124c59712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/8653.ed7806659.js | 154.197.121.128 | 200 OK | 952 B |
URL: GET HTTP/2 1win-cdn.com/js/8653.ed7806659.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (994), with no line terminators
Hash: MD5 1a63c0338e50d3b4dfe4a7cea9098d20; SHA-1 3915a35a401582840fc4139f2a94260a8cc21c12; SHA-256 5876ed8be9f28ec2128149035402d973d5b243d80e470048018ec6df9c3d6439
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412bce6712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/72949.472bec630.js | 154.197.121.128 | 200 OK | 878 B |
URL: GET HTTP/2 1win-cdn.com/js/72949.472bec630.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (896), with no line terminators
Hash: MD5 2a8b1ec825923193cce2fdbf0877c80e; SHA-1 2b45f42fcceb6299adea8c36486860ee858e8750; SHA-256 b11c64f65e44dafabbcfe220e5985c08d995e5e0450f96d29d1ec245acda1cc7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/72949.472bec630.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-36e"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1226277
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4162ab3712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/icons-pack-home.d21abec30.js | 154.197.121.128 | 200 OK | 19 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-home.d21abec30.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (18922), with no line terminators
Hash: MD5 325c4a59d9bc91d434baa4a7563c38b4; SHA-1 070a43d12a678b20daf2851076340bf4b595d5ff; SHA-256 da9eec33115c64c998ab64b58d507a763696e716f0573c9dab499e978e599edf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-home.d21abec30.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-49ea"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412acda712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/amatic.1ad22f1f0.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/amatic.1ad22f1f0.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 beaad3ec246cc02d25e05017a1e1739a; SHA-1 391c594a7f9ff5db52bfbd1c41e6577e6ac49dc7; SHA-256 184333dfcbe0cc2997b77991da69552dd91fe8d480186f8a8b76187e11e00a84
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2291
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d6e712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/96971.36e8462a3.js | 154.197.121.128 | 200 OK | 24 kB |
URL: GET HTTP/2 1win-cdn.com/js/96971.36e8462a3.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/96971.36e8462a3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-5f51"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 248790
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4110a95712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp | 154.197.121.128 | 200 OK | 430 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 430 kB (429680 bytes)
Hashes (MD5, SHA-1, SHA-256): abaa6833958bdc5427e6fa573cbfa70a d43989916cc382e4e3d983933d9cd52a7d1dbeb2 51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/webp
content-length: 429680
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-68e70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2814
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4132e09712f-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/genii.367222bbe.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/genii.367222bbe.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 237593257bbdb3559e06330cf7e76c54 c3e1a90bb3397fff3428fdd71d2a4d7df74ea164 2b84c2a6e55531b52b615ebaba90cd7bb757fe1399e901927b4aba9f1718b097
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181db0712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/60609.5ed8b9fec.js | 154.197.121.128 | 200 OK | 623 B |
URL: GET HTTP/2 1win-cdn.com/js/60609.5ed8b9fec.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (649), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 9188b65f1f1e4829d2d3b88925767e57 c21f94f423f48725cd29d800b45852c170e935dd 4d4c8a7df6aba520d0ee270fab5f306f29a0a564d060eb49d04d29eb18dcfd98
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/60609.5ed8b9fec.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-26f"
expires: Sun, 16 Apr 2034 12:36:59 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1233250
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41dfed9712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/1279.7681fe15f.js | 154.197.121.128 | 200 OK | 911 B |
URL: GET HTTP/2 1win-cdn.com/js/1279.7681fe15f.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (929), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 3a0fd7772f5d3cd77c17b49876743f78 3eb84478f6c0ac3009e81576caf8fa6ddf4e2c5a 5d5a4e691e8df7115cff0e7b2b76131b7b633ce30509dc61fdf36c9ab36989a6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412ed62712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif | 188.114.96.1 | 200 OK | 6.5 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5, SHA-1, SHA-256): 6eb918cc26ed4d4b3f96d5b031ebdd69 aca2ee56704a569aa16df44cd5420c8bfb31c6f1 3fba98236326ef72ca6967cc5e0f6ccd4f0f8cce5d06df23e1cbd78713ada4e9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/avif
content-length: 6537
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2MWNmNWE0LWNjOTki"
expires: Mon, 22 Apr 2024 10:47:34 GMT
x-request-id: 5kIWlXmfDst0FwkarnHsl
cf-cache-status: HIT
age: 265763
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vqTkzB5CUaMvu4O5lMSfVJyEGHGBR1mLAWufQEcGfcWMNoCCGrRqA4ugm4swb8B6p%2BPmLRII7YTadYwwXOkUEr7bJEBTj89dWmJ77vMSY10OnK79vDmNqJWqnhLnAbZXvStXwhmb8pQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b414298cb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | 154.197.121.128 | 200 OK | 5.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 736482b909f3d90f4b87845b06343f95 05501f25bbd97642449a87b6113fbb3a2cf36f41 68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d87712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/62476.f371b34bc.js | 154.197.121.128 | 200 OK | 423 kB |
URL: GET HTTP/2 1win-cdn.com/js/62476.f371b34bc.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Size: 423 kB (422842 bytes)
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/62476.f371b34bc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 11:58:28 GMT
etag: W/"66210ae4-673ba"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1759
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40d6d0c712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/atmosfera.32402e33f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/atmosfera.32402e33f.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 3ba4610ae40c2d70390afaa7cba36721 01eeff20113a096675d71c018a7f109c8e53da28 815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d75712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@png | 188.114.96.1 | 200 OK | 276 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@png
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 415 x 310, 8-bit/color RGB, non-interlaced
Size: 276 kB (275884 bytes)
Hashes (MD5, SHA-1, SHA-256): 7acbf007631d46f9421175630e790fd8 fe08ede427ab907ed0ce3c1faac45d0d30543faf ee8530df60b830de0b91de1a3b72343814b1c7e51606d2e162cf026dd8de994a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/png
content-length: 275884
cache-control: public, max-age=31536000
content-disposition: inline; filename="aaf2d443-c77f-48d2-b319-c986f21359b9.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0MDljNTQ5LTRmZWNiIg"
expires: Sat, 20 Apr 2024 02:36:17 GMT
x-request-id: Y9cG4o5ntkKfpQIxI0BpC
cf-cache-status: HIT
age: 468042
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MUIPfdSErijxYYjxHJR8tFGS6SyUvDnna7ihZSlVq2b30YSejmK%2F4Lv9OcyqJq7gnvHCs%2BKsn0hSQA6cpLPSYKCS20L%2F%2FJHqwVV0t2qXohhKwUWpRcPwNs6m1GXz8tukmp%2F4xyI5wAk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41cdcbcb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@png | 188.114.96.1 | 200 OK | 0 B |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@png
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/png
content-length: 182990
cache-control: public, max-age=31536000
content-disposition: inline; filename="2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MTdiYTBhLTYyM2ZiIg"
expires: Thu, 25 Apr 2024 10:47:25 GMT
x-request-id: QNAAuPB_rPhAn-iC6myUO
cf-cache-status: HIT
age: 6574
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hDY2%2B0NN6%2FmhzBIfdbU0ejMNGyhG2NkwhTZewxVn96J5Kqgt3%2Fc7AACr5YUAZZEDL%2BsfMNTf9q3uk3%2FWjkLGTNcTDoZ1zyZO2Qpf%2BDW%2F3XR3ybDKjdn99H2sP4d26AuD5Kb3Ip4WRDI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41cdcc6b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@png
IP: 0.0.0.0:0
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
| 1win-cdn.com/js/9726.f171d96f4.js | 154.197.121.128 | 200 OK | 550 B |
URL: GET HTTP/2 1win-cdn.com/js/9726.f171d96f4.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (584), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b0269d262b577b24e386d44e3a8a2515 0ae665ce9e9245ac8b29561292e7a208395ea49c 2182a2a1459e2e595fcf4081f7f3a428470038bbd21438c840af61d014ac55b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/9726.f171d96f4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-226"
expires: Sun, 16 Apr 2034 12:36:59 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1226278
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41dfed6712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/gaming%20corps.5c3f3647c.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/gaming%20corps.5c3f3647c.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): ddcf2a0ddef8449807db0b7419c39291 9757b762ac3efb096bd45b869ee4d06565a1e9c2 f03dab28c20b3b25823b4b64bbd27953a463c5e9bd7b5bcfa12930f6793fb1e4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gaming%20corps.5c3f3647c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-790"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181dab712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js | 154.197.121.128 | 200 OK | 121 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 121 kB (121043 bytes)
Hashes (MD5, SHA-1, SHA-256): 3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412cd11712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1wwgth.life/common/title?path=bets&lang=en | 190.115.24.78 | 200 OK | 29 B |
URL: GET HTTP/2 1wwgth.life/common/title?path=bets&lang=en
IP: 190.115.24.78:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Let's Encrypt; Subject 1wwgth.life; Fingerprint D0:50:3A:00:D7:C4:5B:CE:E5:04:7E:BE:38:07:17:52:38:8F:81:9A; Validity Tue, 02 Apr 2024 18:53:39 GMT - Mon, 01 Jul 2024 18:53:38 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): 55d138477f5d21b2864ed51b2aa3b446 f493c01dcf90c45f2334b9ca47839ce0a014222b 456ce42d8f0a396a6549e0fc1e00649162a0391884d40a887f013a53f681f37b
GET /common/title?path=bets&lang=en HTTP/1.1
Host: 1wwgth.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/?open=register
Cookie: __ddg1_=y6gkMzcXQM0UoOIjd2ab; visit_domain=1wwgth.life; core-sticky=http://10.233.84.150:80; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef135-c4bd-7423-824a-d3c5b6e8f2d6%22%2C%22%24sesid%22%3A%5B1713443817103%2C%22018ef135-c4cb-741e-9353-b20d7d8c092c%22%2C1713443816651%5D%7D; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJhNTk1ODZlNC04Mjc0LTRiZjItYjBjZS0wNTE0MDBmMTUxOGQlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEzNDQzODE2Nzc3JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMzQ0MzgxNjgxNyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 12:37:00 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/playtech.cecac3222.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/playtech.cecac3222.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 54cb545ad750e3e670cc7cfaed81c2d4 f808d9b539d13d64c4b405da4dca9b0db732b87e 2bcda89b73c859c34d62c330205d603cb247ae31b00e987f3c3bfaaa3ba2a64e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/playtech.cecac3222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b418be99712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8726.6a357273b.js | 154.197.121.128 | 200 OK | 664 B |
URL: GET HTTP/2 1win-cdn.com/js/8726.6a357273b.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (682), with no line terminators
Hash (MD5, SHA-1, SHA-256): 2e216c1b879ec285c8c32567174c9af4 e1e1af06fe2299d4a230eb5467395ef6bf3354cc 2e286b2372f85cadaa903f3189b912a18def9e9c561f6b4121af91682164cca2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412acdc712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/14681.3d5bceb66.js | 154.197.121.128 | 200 OK | 589 B |
URL: GET HTTP/2 1win-cdn.com/js/14681.3d5bceb66.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (613), with no line terminators
Hash (MD5, SHA-1, SHA-256): 149e4a7c676bc4cdf89e078e02a8a28e 0ccf4e4c9841de42b7eae7682a85d7b9c9bdff26 696b78be85c41234df8799c6d40aee5c7f7973397578f3d133c3396f6c2b292c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/14681.3d5bceb66.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-24d"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 650575
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4161aa0712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fazi.19d7f4b72.svg | 154.197.121.128 | 200 OK | 645 B |
URL: GET HTTP/2 1win-cdn.com/img/fazi.19d7f4b72.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): c2948d97afb6d8e1cf8e7b50b62a9272 a1607553e252407e35addae9b48c1cedfeebd048 309347ec479f691cb02b9aaac9c06aea9cbefa075c591a35b0651e8928e64792
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5157
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181da4712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif | 188.114.96.1 | 200 OK | 9.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5, SHA-1, SHA-256): 7eb2cba4654091d306b65c6fe0a8f631 e1a4eecb3f5db01aa2774cf811e3c2cda95f426b ffd6b30a5e9e4e68ea1f492d19ba67578359d3a390dd90ea295cbc4bd81827d9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/avif
content-length: 9433
cache-control: public, max-age=31536000
content-disposition: inline; filename="57228a66-bd62-4072-a80c-3bef549a758c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY4Mzc0LTI1MTcxIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: h1ybXC_OVncXLs2XUbjAU
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B2d%2Fvux1gE4VfM9e%2FL6ZYMoZmEztJA%2BTW%2BzIJAZv0Vp1peX%2F0%2BCe8yd2HjdNlP3bvxW0GpT%2BudScYQP%2FX0J8VqYRo3i4ta0Bp4nPpy7RCIGMWDGMw1XkUJQwv3zVNR7NIbBGCGamSME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41d9e2fb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=1&h=Ag&z=0 | 142.250.74.168 | 200 OK | 0 B |
URL: GET HTTP/3 www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=1&h=Ag&z=0
IP: 142.250.74.168:443
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; valid Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=1&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/apparat.f7a706d8e.svg | 154.197.121.128 | 200 OK | 387 B |
URL: GET HTTP/2 1win-cdn.com/img/apparat.f7a706d8e.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): c263fae5892b9bdd3fa5e761a8aeb723 4646d9080fe51e04962c1f2dabf13119c6d71a41 2a333baf6e1f1e4d92fa73faae466563009d96e860c1423519b890b68153b70d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:46:03 GMT
etag: W/"6620f9eb-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2291
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d72712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betsoft.cc500155f.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/betsoft.cc500155f.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): fa91200f1738243c9a1bf9ebf853c238 43a438416c285aaf55c7f2edb2676616ffa0c838 9235396681ab2e82a2b5ce89e4f2e711f69cde3f6fb83af4050e110c4a55d3c9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5000
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d81712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/index.b0b844988.js | 154.197.121.128 | 200 OK | 184 kB |
URL: GET HTTP/2 1win-cdn.com/js/index.b0b844988.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Size: 184 kB (183597 bytes)
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Caveat: these three values are the digests of empty input, so the capture recorded the size of this script but not its body; they cannot be used to match the file against any other sample.
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/index.b0b844988.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 11:58:28 GMT
etag: W/"66210ae4-2cd2d"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1760
set-cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g; path=/; expires=Thu, 18-Apr-24 13:06:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40c2a5f712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bet2tech.41863da88.svg | 154.197.121.128 | 200 OK | 1.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/bet2tech.41863da88.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): 37036b9327cf2f08f10c828a969255cc 110c9e121e3f79982f785db63213d01a94faf4b0 13efe39819f6ca0b2ae3ceba64c239738536fee39cd1d6a4a142079050975f2a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d7c712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=10&h=Ag&z=0 | 142.250.74.168 | 200 OK | 0 B |
URL: GET HTTP/3 www.googletagmanager.com/a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=10&h=Ag&z=0
IP: 142.250.74.168:443
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint BF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D; valid Mon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=DC-12688802&v=3&t=t&pid=1459245069&cv=1&rv=44f0&tc=1&es=1&e=*&eid=10&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/hacksaw.5f0e80ecd.svg | 154.197.121.128 | 200 OK | 841 B |
URL: GET HTTP/2 1win-cdn.com/img/hacksaw.5f0e80ecd.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): 3371207f99abc98b9fb8ae8e13877c7c 82efe0611bab5262b245fbc98522a20bb2fc6529 ca3477693ffb8842144691591c6344d96dd368cb41b51aaf5e9e40ece7338831
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2719
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4181dba712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif | 188.114.96.1 | 200 OK | 6.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5, SHA-1, SHA-256): 45ccd50f5dfaf7808c6795422417f214 38499698cec05af36aa2bc0e390952e400486003 50255b7836fb64aa3258a941253e4a85e7d77d42a4dd8b8129955c20945d7ebc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/avif
content-length: 5951
cache-control: public, max-age=31536000
content-disposition: inline; filename="2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTdiYTBhLTYyM2ZiIg"
expires: Thu, 25 Apr 2024 10:33:31 GMT
x-request-id: 5dOF766PLQIqOPFueIAjz
cf-cache-status: HIT
age: 7408
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gZlyeWqYTRInUnPzmJMY3tBAgdqzFGEa3MAEkR2LfigvHxxSznpncrRFyqJuuIJxhD2OGlkwkzNbZ7c3qGfUs5d6PDjrlmPuL5Z94G106nfPXzl2qaNj5WzjLgbTetH8wXwj6c251WA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41d7de7b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/82331.700755d00.css | 154.197.121.128 | 200 OK | 8.6 kB |
URL: GET HTTP/2 1win-cdn.com/css/82331.700755d00.css
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: ASCII text, with very long lines (8603), with no line terminators
Hash (MD5, SHA-1, SHA-256): 23cb17a3decbee390666bc1375720d8c dda90103078b3f3762e9ef714940cf644a329da2 a5d30f640a28a22ca714bd2a3d7ec4b552350dc33bde8d9893d4563e2491d9ab
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/82331.700755d00.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: text/css
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-2198"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 780738
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4110a98712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png | 154.197.121.128 | 200 OK | 27 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hash (MD5, SHA-1, SHA-256): 9a35699413d56978ea4af6896f0aa16c c22d50770f376a17d5539919541496a1e1e5a626 396126da9646bf2bf8d5a2a9f1e449391db7861540ad243e0ca8c3e0c40fd012
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 27297
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29770
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-744a"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
age: 2290
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4132e02712f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/belatra.1e7508387.svg | 154.197.121.128 | 200 OK | 5.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/belatra.1e7508387.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): 3a3db4a05ec45ff249ff2330cc6131d9 d4e82a85d11863ae6e91cf542676f8ed0dc5a130 356a6b1e0c2826d245756e52b8505d57e4cc1d2059957fe6fa4b4c37ce6754ff
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:58:28 GMT
etag: W/"66210ae4-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d7a712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@png (no HTTP version recorded)
IP: 0.0.0.0:0 (no response was recorded for this request; the row above shows no status and 0 B, and no response headers follow the request)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5, SHA-1, SHA-256; the digests of empty input, consistent with no body received): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
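Three things in these records are easy to misread. The 184 kB index.b0b844988.js entry earlier carries the digests d41d8cd9..., da39a3ee... and e3b0c442..., which are the MD5, SHA-1 and SHA-256 of empty input: the capture recorded the size but never the body, so those hashes match nothing. The fundist imgproxy entry just above shows IP 0.0.0.0, no status and no response headers, i.e. no response was recorded. And every imgproxy.1win-cdn.com URL starts with the unsafe signature placeholder, which in imgproxy marks an unsigned URL and only works when the proxy has unsigned URLs enabled. The Python below is an added example, not part of the capture tool or the site: it parses rows in this page's flattened form and flags those three conditions. The sample text is copied from entries on this page (one Google Tag Manager query string shortened); the function names are the example's own.

```python
"""Sanity checks over the flattened request records of a browser capture.

Added example: not code from the capture tool or the site. It parses records
in the form this page uses (a "| url | ip | status | size |" row followed by a
line carrying the MD5, SHA-1 and SHA-256 of the body) and flags records whose
hashes are those of empty input although a size was recorded, records with no
response, and unsigned imgproxy URLs.
"""
import hashlib
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Digests of the empty string; a capture reports these when it never saw a body.
EMPTY_DIGESTS = frozenset(
    h(b"").hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)
)

ROW_RE = re.compile(
    r"^\|\s*(?P<url>\S+)\s*\|\s*(?P<ip>[\d.]+)\s*\|\s*(?P<status>[^|]*?)\s*\|\s*(?P<size>[^|]*?)\s*\|$"
)
HASH_RE = re.compile(r"Hash\s*([0-9a-f]{32})\s+([0-9a-f]{40})\s+([0-9a-f]{64})")
SIZE_RE = re.compile(r"^([\d.]+)\s*(B|kB|MB)$")
SIZE_UNIT = {"B": 1, "kB": 1_000, "MB": 1_000_000}  # the tool's "184 kB" is 183597 bytes


@dataclass
class Record:
    url: str
    ip: str
    status: str
    size_bytes: int
    digests: tuple[str, ...] = ()


def parse_size(text: str) -> int:
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size {text!r}")
    return round(float(m.group(1)) * SIZE_UNIT[m.group(2)])


def parse_capture(text: str) -> list[Record]:
    """Turn the flattened listing into Record objects, one per row."""
    records: list[Record] = []
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if row:
            records.append(Record(row["url"], row["ip"], row["status"], parse_size(row["size"])))
            continue
        digests = HASH_RE.search(line)
        if digests and records:
            records[-1].digests = digests.groups()
    return records


def audit(rec: Record) -> list[str]:
    """Findings a reviewer should know before trusting this record."""
    findings: list[str] = []
    if rec.size_bytes > 0 and rec.digests and set(rec.digests) <= EMPTY_DIGESTS:
        findings.append("body not captured: digests are those of empty input despite a non-zero size")
    if rec.ip == "0.0.0.0" or not rec.status:
        findings.append("no response recorded for this request")
    if urlsplit("//" + rec.url).path.startswith("/unsafe/"):
        findings.append(
            "unsigned imgproxy URL ('unsafe' signature placeholder): the proxy must have "
            "unsigned URLs enabled, so confirm its allowed source URLs are restricted"
        )
    return findings


def audit_capture(text: str) -> dict[str, list[str]]:
    """URL -> findings, only for records that have at least one finding."""
    return {r.url: audit(r) for r in parse_capture(text) if audit(r)}


# Constructed sample: four records copied from this page (GTM query shortened).
SAMPLE = """\
| 1win-cdn.com/js/index.b0b844988.js | 154.197.121.128 | 200 OK | 184 kB |
Size184 kB (183597 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| www.googletagmanager.com/a?id=DC-12688802&eid=1 | 142.250.74.168 | 200 OK | 0 B |
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@png | 0.0.0.0 | | 0 B |
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| 1win-cdn.com/img/playtech.cecac3222.svg | 154.197.121.128 | 200 OK | 2.6 kB |
File typeSVG Scalable Vector Graphics image Hash54cb545ad750e3e670cc7cfaed81c2d4 f808d9b539d13d64c4b405da4dca9b0db732b87e 2bcda89b73c859c34d62c330205d603cb247ae31b00e987f3c3bfaaa3ba2a64e
"""

if __name__ == "__main__":
    for url, findings in audit_capture(SAMPLE).items():
        print(url)
        for finding in findings:
            print("  -", finding)
```

The empty-input check is the one worth keeping in any IOC pipeline fed from capture exports: a 0 B pixel legitimately hashes to those values, but a 184 kB script that does is a record with no body, and pushing its digests into a blocklist or a threat-intel lookup produces noise at best.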
| 1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg | 154.197.121.128 | 200 OK | 19 kB |
URL: GET HTTP/2 1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): 6cc20c3ddeede7970b09582754e1fe3e 343b04db5d2d9bc03ccdbbe914c61b2a41245ba6 11419071480a1e574e8e7d0b7bcbd505c2e3f0506233b781cd4e1e3965e95816
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bookmaker-rating-en.e5dcc84dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-4ab4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2290
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41589d7712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win%20games.9b8574150.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1win%20games.9b8574150.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wwgth.life/?open=register
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; valid Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): 50dad4fc2924bcfbb1745e9351fc32bd e71c68d2d20f197e3d4645e4d791436496b4528d 98974ebbc36d921b989f19beb197990dec088ab52912315b8a7854f4a8a871a2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4162abb712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/slotmill.c42ddd447.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/slotmill.c42ddd447.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5, SHA-1, SHA-256): 39d48e4b982998cd10417bd09dcc0afc 541c60c508d7777db2cd0e49c18cf32219532dd8 3e18df680be6da9246c3675408ec0e7e107891281a863ab9b6377832b44ee48f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/slotmill.c42ddd447.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-3313"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4196fa5712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| eu.i.posthog.com/decide/?v=3&ip=1&_=1713443816639&ver=1.128.0&compression=base64 | 52.57.233.141 | 200 OK | 505 B |
URL: POST HTTP/2 eu.i.posthog.com/decide/?v=3&ip=1&_=1713443816639&ver=1.128.0&compression=base64 | IP: 52.57.233.141:443
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Amazon | Subject: *.i.posthog.com | Fingerprint: 99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67 | Validity: Mon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (549), with no line terminators | Hash (MD5, SHA-1, SHA-256): f6979cb8cba62aa7b6e613bd7f7a1d88 fbc60ed9ec74a637c060acdbe79cc56311520dc8 9f8fba1211d92ea0d3de72c4871b9990bf6a85465bfbd8eb4a13854096ed35a9
POST /decide/?v=3&ip=1&_=1713443816639&ver=1.128.0&compression=base64 HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 177
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/json
access-control-allow-origin: https://1wwgth.life
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
server: envoy
x-envoy-upstream-service-time: 21
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/37061.4706f0db4.js | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/js/37061.4706f0db4.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (24692), with no line terminators | Hash (MD5, SHA-1, SHA-256): fea412cd3a087cd0adfdfe6b1bea44ff 456a1a717440c0724e385a28530602b16d0a6d79 3afba0d7cf4300653b9f75bbbdc8f22807f566ede08dffe32a887844f6174a47
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/37061.4706f0db4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-6074"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234846
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b410da4d712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | 154.197.121.128 | 200 OK | 354 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: RIFF (little-endian) data, Web/P image | Size: 354 kB (353842 bytes) | Hash (MD5, SHA-1, SHA-256): 8df817e5ef0af5dc8279d3f20cae9bc3 12c85bcc74a48053c92f3f75ce3c14e1a19e46d3 61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/webp
content-length: 353842
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2814
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4132dfe712f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviatrix.b5fd712c8.svg | 154.197.121.128 | 200 OK | 14 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviatrix.b5fd712c8.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5, SHA-1, SHA-256): c92109aa9c320cc21b175481d4219bac 624606f9179e2fe695a087e64df63ec4cedf912b 8892810b3c337925e0e2a61199d9fee94a589789225f916bc9aa6d0b6c76b438
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d77712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46719.c1d2eb9c5.js | 154.197.121.128 | 200 OK | 527 B |
URL: GET HTTP/2 1win-cdn.com/js/46719.c1d2eb9c5.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (545), with no line terminators | Hash (MD5, SHA-1, SHA-256): 8375a4110ec42498df870269f31e79db d974e51c02dbdc175ffa8d4384b385ecce38e581 b63b4ea04779e05a75b5e69f026faa71ee3601834dc416ce230a65ef9171d861
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Sun, 16 Apr 2034 12:36:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 617237
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b416cb8b712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2gaming.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1x2gaming.00302c7de.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5, SHA-1, SHA-256): 113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1x2gaming.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4170bf8712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betsolutions.5d0a153ca.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/betsolutions.5d0a153ca.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5, SHA-1, SHA-256): 066b7782f9f8acb732cd85f2df1344ac 7bb3c193cb5dd835fec3e3ce7ed032be4200afc9 95ee3f610ca3eb081f9fd0b7c61dc40ea0e5f470b0ba72dee69c1a06a9198e35
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/betsolutions.5d0a153ca.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-61d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d82712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@png | IP: 0.0.0.0:0
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5, SHA-1, SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced | Hash (MD5, SHA-1, SHA-256): 43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-9305"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b413bed6712f-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif | 188.114.96.1 | 200 OK | 7.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif | IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5, SHA-1, SHA-256): 7d78a951d170034c2ce027bf5ea6c69f 56ffbce11b718eceeb70ad7ac12f28f44f3c8b93 8edab6a41bf81d3abcef43bc57b4c446cd3c493af6eb231409f7b0ecaaf56dfd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/avif
content-length: 7441
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjNhOTQ4LTI4YTY3Ig"
expires: Mon, 22 Apr 2024 18:56:38 GMT
x-request-id: kRpnqKOPXudhGZD4vHPWX
cf-cache-status: HIT
age: 236420
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p0SB5DLm49XRl8DGYhXzQlRYhzk67rxO%2FO0Vam7mQtq3GZngwAbIvNUtsvPt%2B1kroBbunJNjJADvw9XqD5Bdvs45nBnn2WQeGKoRAF846Oi0fq%2Fd8JujMOEnoMC7COlnA3dsJ85XMbc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41a4fa2b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/atp.e87cf2801.svg | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/img/atp.e87cf2801.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5, SHA-1, SHA-256): 3fc6d0c6036c51b4dfe66e116e849214 86ce1aaadafc27a3777f00411012d449f3ae9637 8f671c058e48d1614f577f5acae1f1c27c7ce6af1cc2bcebb8cdacc1280f5207
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/atp.e87cf2801.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-2f1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 85
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41589cc712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wwgth.life&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 1win.direct/v4/socket.io/?Language=en&xorigin=1wwgth.life&EIO=4&transport=websocket | IP: 134.122.54.186:443 | ASN: #14061 DIGITALOCEAN-ASN
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Let's Encrypt | Subject: *.1win.direct | Fingerprint: 52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27 | Validity: Sun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hash (MD5, SHA-1, SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wwgth.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wwgth.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PW9tB22Gvda2+iOFwivWnA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: NIkn8XIeyINk5H14v0gcU6h2lCs=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=242099e1c187655e; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1win-cdn.com/js/41543.9ecf6875c.js | 154.197.121.128 | 200 OK | 695 B |
URL: GET HTTP/2 1win-cdn.com/js/41543.9ecf6875c.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (713), with no line terminators | Hash (MD5, SHA-1, SHA-256): 3a416c7a8b544cab2961aa391df25f73 1760b78a71e89b19890fc1e1d457f20fc7931b8f 63858586d9c72226c0522e2b0dbd181ef99b481aebef11049ac603b942c6876b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412bce9712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png | 154.197.121.128 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced | Hash (MD5, SHA-1, SHA-256): e46f588febb018229e3c2450c4a3d4f0 4904652973205c308ead578918f7ff5a6a27bf0e 855739792866720d46d60d1a9696327132ecb9a4e9420ec40a861c41a6e57e20
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker-frame@2.50a0c1527-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 9422
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10453
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-28d5"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
age: 2290
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4133e0b712f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onlyplay.1c7a3c455.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/onlyplay.1c7a3c455.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5, SHA-1, SHA-256): c3e69f9fed9cc0cf56f269a871ebf7b8 24c64655556df116228009b2d0e64950404e45a2 c983a2f37ed5b2c73940d48dc81e885d6fa8136a5e0f3399e426e427dd7ff5ff
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6819
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4189e74712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif | 188.114.96.1 | 200 OK | 6.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif | IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash (MD5, SHA-1, SHA-256): 4e7067f0087797bc8a2752288c82d468 7a97f30b9cf7b7c0167847006aefcd3411e4c414 626952781c5dcc08fb5dc238ced257f7bcc86ed4e656e61c829199ab4f023e62
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/avif
content-length: 6364
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_d25464ae840baf966d3d1019c718c0fc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyOGUyMTVlLTRiYWM1Ig"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: Y6cy0Xwg6dY5io0XtPfyk
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2FWBJJmhJJzss1V9fedn7V9onPEamlNRuzcPLhOVDwJR28oBv7XPkLVn45b8HN5ygfdmjoGjLcXa%2BcQkV9OaFisB6Z7sSLA6Y2Q8wySHFbRM7158lbHK6c%2B22P4jgJVz%2FALamkuXS0w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41d9e2ab51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/10400.3cf244941.js | 154.197.121.128 | 200 OK | 10 kB |
URL: GET HTTP/2 1win-cdn.com/js/10400.3cf244941.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (10227), with no line terminators | Hash (MD5, SHA-1, SHA-256): 1ad5950bde4f0fe9c86b787797bcb5f3 ea74570c969353f2271343730f147d736cb5dce9 c5968c75fbd50f8b7179748ca7e567967404b877e17bb1c4e45db9b3925ae7e1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/10400.3cf244941.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-27f3"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 248790
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b410fa81712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/present-with-light.bd57fb068-151.png | 154.197.121.128 | 200 OK | 5.6 kB |
URL: 1win-cdn.com/img/present-with-light.bd57fb068-151.png (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 151 x 161, 8-bit colormap, non-interlaced
Hashes: MD5 a804ad67f4add53f8c251c2ebc80469d | SHA-1 4108aeab2f7a7c3720885edeb445e6131a383a49 | SHA-256 06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620e288-1a4c"
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
cf-cache-status: HIT
age: 6820
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b411ebd1712f-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL: 1win-cdn.com/img/rubyplay.b4553f39e.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 3858ea5c6be5319073b0453eac475c1b | SHA-1 72be49666df66401b531cfe9658ae2b64f897b0b | SHA-256 fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5096
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4196f94712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/flags/no.svg | 154.197.121.128 | 200 OK | 326 B |
URL: 1win-cdn.com/img/flags/no.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 8b888b132836f9bf2c915bb3904c6dd3 | SHA-1 e356289b851fdef19c9e0b2af31acbf95d77b0f8 | SHA-256 da80fbdaeba2338f9ff3e93db2f1653c03c3dffa0cf376eed372edc98e308f0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/no.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:03 GMT
etag: W/"6620f1f3-146"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6814
expires: Thu, 18 Apr 2024 16:36:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41dfed2712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/revolver.25aaacada.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL: 1win-cdn.com/img/revolver.25aaacada.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 49db2026a7b56b5525113dde1df88e5f | SHA-1 145eaf3e89aaa41bc641b6cfd321d900f74065d6 | SHA-256 6f0a14e96df44350c7101bb3382f02983f1eb98fced9d4309cf99b2210a96adc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4195f90712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 | 154.197.121.128 | 200 OK | 4.9 kB |
URL: 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (5344), with no line terminators
Hashes: MD5 3f506c1d9eb92c92152fe4d3d394568a | SHA-1 affda5e89f1172ba9a1aeb0879dab7b627088536 | SHA-256 07083914b8ca258235155dd9e7e085e97102301d36c49003c3202f55d95ae372
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwgth.life
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"21ce-wm0kJUuRnQV5hIz8GnyJyj8sQkQ"
vary: Origin
expires: Thu, 18 Apr 2024 12:36:57 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=.Hd3qS6Uq_0Wy.Vpubnk0FEVEK3SO.g7OsHMOqpbqpg-1713443817-1.0.1.1-X2RaL92rTNHCG8DDSy5zwFrQbF6G8T30CPygv42t1XBNKhdCs8bUJubuHEI0Nh7P0e.sZsTVW1Tdjn35oyZoKw; path=/; expires=Thu, 18-Apr-24 13:06:57 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8764b413cfb5712e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/spinmatic.f74cf69af.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: 1win-cdn.com/img/spinmatic.f74cf69af.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 12c6733c47b71d93b36447dcb999d080 | SHA-1 f6440015ef35215d9009b4f08340145df1f7d9e1 | SHA-256 fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4197fbd712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/31310.c605a9b9f.js | 154.197.121.128 | 200 OK | 528 B |
URL: 1win-cdn.com/js/31310.c605a9b9f.js (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (546), with no line terminators
Hashes: MD5 819ea0d23f76434d7cf7bdad5c0dc71f | SHA-1 06f5a3c6cd80db3f5850633d2f868f55e7e92447 | SHA-256 3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1234844
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4124c56712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/flags/en.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: 1win-cdn.com/img/flags/en.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 79e4258317717cae7d54221d403e28d4 | SHA-1 85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a | SHA-256 0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7125
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4124c57712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif | 188.114.96.1 | 200 OK | 6.6 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif (GET, HTTP/2)
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes: MD5 e96a71a5fe56033b87ca3809fb4fab55 | SHA-1 22b9068fece941bf32a6e67885ea41fd70233ac6 | SHA-256 e7d80eb4af58fe47ec89fadcf5b2e5969f43527c11668ae3f4af541fe61a5853
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:59 GMT
content-type: image/avif
content-length: 6634
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6a15f20-ce33-4ddc-9763-e38986fcdb2c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGMxZWU2LTNlZDNkIg"
expires: Fri, 19 Apr 2024 08:18:29 GMT
x-request-id: Icb8kkVzIfkPQR92BQCQD
cf-cache-status: HIT
age: 533910
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHBPShxn91z%2FoO%2BsiFOfdFZLlt1AETVEEsX%2BplcFSQQZg4GgpEXOZq%2FoHe6cT8SshHJHQ%2BH%2BQy45CE3qJxsjZCCuL8to2EQxZLwz%2F9vlDJPNq%2FSpHQ7t6Po%2FyrohP7XqLra1sLMcw38%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41d8defb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/wta.c6d5e2ef3.svg | 154.197.121.128 | 200 OK | 3.3 kB |
URL: 1win-cdn.com/img/wta.c6d5e2ef3.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 040d7f0a9e965031fe2520530582a5d3 | SHA-1 015a448fc7cbd8ca0b74360915ee71513921dbc1 | SHA-256 fac8ba2fc8936b7a7f9faf5e0f94031ec8ad096c8094f026fc5fb67d5b2bff59
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/wta.c6d5e2ef3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
etag: W/"6620fe2b-d04"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 85
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41589c8712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/cq9.5d5072e17.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: 1win-cdn.com/img/cq9.5d5072e17.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 47469c2cd9d79b1305e3e02f76d0dc24 | SHA-1 d63ca4b97bbdd2533e5c1ac86bacd621a4150410 | SHA-256 cbdced2050313c54915ec2417995b7de59675fffbbedf861202570a6e4ad5536
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-120b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d91712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/ezugi.a9c66babd.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL: 1win-cdn.com/img/ezugi.a9c66babd.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 329b99ccd51d8cd3e1a5c8a1b83a84eb | SHA-1 ad907259ddfcffb089829ad24a4411ff1cd4b1c0 | SHA-256 96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180da2712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@avif | 188.114.96.1 | 200 OK | 8.0 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@avif (GET, HTTP/2)
IP: 188.114.96.1:443
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashes: MD5 5c0f019b7d2474cb160b5fbedfecf4f2 | SHA-1 7a746b5e34d2001898dd636bba1c30ebe531fdff | SHA-256 5619d0886bad7318d829374a6a01b4325c9d6262e6a26670ca413259ed6dce6e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/avif
content-length: 8016
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6bce22c-f7ed-4ce4-9414-3a9c284f6175.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGE2MTVkLTRkNDcyIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: MYWC2Pm9gpQADGH4OeNaI
cf-cache-status: HIT
age: 13825
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZkcgBjpXcAYA74qW13B0ErfAPoM%2Flp6Xo9F3gCVTZpqifNIftGWsyg9qxbMXfVTsr1AH1y5mgMX33VV2%2FwzGl1zcvihLntiJAVKGp2XEsjV00xz4Sv%2BchgusODO1o8ZeiZ9P6Fe3Xo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b41a6fcbb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
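The two imgproxy.1win-cdn.com records above are served from paths beginning with `/unsafe/`. In imgproxy that prefix is the documented unsigned-URL mode (it stands in place of the HMAC signature and is only honoured when `IMGPROXY_ALLOW_UNSAFE_URL` is on), so the proxy is accepting processing options and a source URL that nobody has signed. What the page shows is that this is accepted for a 1win-cdn.com source; it does not show whether the deployment restricts sources (`IMGPROXY_ALLOWED_SOURCES`), so nothing here should be read as a finding beyond "signing is off". The following is an added example, not code from the page or from imgproxy: it reproduces the signing scheme from the imgproxy documentation (HMAC-SHA256 over salt + path, base64url without padding, optionally truncated), builds the signed equivalent of the observed request, and shows a verifier that refuses the `/unsafe/` form by default. `KEY`, `SALT`, `ALLOWED_HOSTS` and the `attacker.example` host are made up for the demonstration.

```python
"""imgproxy URL signing, and the /unsafe/ shortcut seen on this page.
Added example, not code from the page or from imgproxy. It follows the signing
scheme in the imgproxy documentation (HMAC-SHA256 over salt + path, base64url
without padding, truncated to IMGPROXY_SIGNATURE_SIZE bytes). KEY, SALT and the
host allow-list are made up; the page shows only that /unsafe/ URLs are accepted."""
import base64
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit

KEY = bytes.fromhex("943b421c9eb07c830af81030552c86009268de4e532ba2ee2eab8247c6da0881")   # hypothetical
SALT = bytes.fromhex("520f986b998545b4785e0defbc4f3c1203f22de2374a3d53cb7a7fe9fea309c5")  # hypothetical
ALLOWED_HOSTS = frozenset({"1win-cdn.com"})  # hypothetical stand-in for IMGPROXY_ALLOWED_SOURCES
# Request path observed on the page (host imgproxy.1win-cdn.com).
OBSERVED = ("/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/"
            "a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif")


def sign(path: str, key: bytes = KEY, salt: bytes = SALT, size: int = 32) -> str:
    """Signature for an imgproxy path '/<processing options>/plain/<source url>@<ext>'."""
    digest = hmac.new(key, salt + path.encode(), hashlib.sha256).digest()[:size]
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def signed_url(path: str) -> str:
    """The same image request as it would look with signing enforced."""
    return "/" + sign(path) + path


def source_of(path: str) -> str:
    """Source URL of a plain-form path (imgproxy's base64 source form is not handled)."""
    rest = path.partition("/plain/")[2]
    return rest.rsplit("@", 1)[0] if "@" in rest else rest


def verify(url_path: str, allow_unsafe: bool = False) -> Optional[str]:
    """Accept or refuse a request path the way a hardened imgproxy would:
    '/unsafe/...' only when the unsafe mode is on, otherwise a valid signature,
    and in both cases a source host on the allow-list. Returns the imgproxy
    path when accepted and None when refused."""
    sig, _, rest = url_path.lstrip("/").partition("/")
    path = "/" + rest
    if sig == "unsafe":
        if not allow_unsafe:
            return None
    elif not hmac.compare_digest(sig.encode(), sign(path).encode()):
        return None
    host = urlsplit(source_of(path)).hostname or ""
    return path if host in ALLOWED_HOSTS else None


def demo() -> dict:
    path = OBSERVED[len("/unsafe"):]
    good = signed_url(path)
    tampered = good.replace("casino_list_big_1x", "casino_list_big_2x")  # options changed, old signature kept
    foreign = signed_url("/casino_list_big_1x/plain/https://attacker.example/x.png@avif")  # hypothetical host
    return {
        "unsafe_refused": verify(OBSERVED),        # None: unsigned URLs are off by default
        "unsafe_allowed": verify(OBSERVED, True),  # the path: the behaviour this page records
        "signed": verify(good),                    # the path
        "tampered": verify(tampered),              # None: signature no longer matches
        "foreign_source": verify(foreign),         # None: correctly signed, but host not allow-listed
    }
```

The last case is the one to keep in mind when reading `/unsafe/` URLs: a signature only proves the URL was minted by someone holding the key, so the source allow-list is a separate control and the page gives no evidence either way about it.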

| 1win-cdn.com/js/desktop.3d1bcbde1.js | 154.197.121.128 | 200 OK | 137 kB |
URL: 1win-cdn.com/js/desktop.3d1bcbde1.js (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 137 kB (137193 bytes)
Hashes: MD5 ea365c2f3a052dff765c477b90cd42fb | SHA-1 614713026b9faaa85f6d8951e5373511dc749ec0 | SHA-256 3b860f1c58b824ef2130e65580b91c6b435fa77ff60a1dfa94be836ece24303c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.3d1bcbde1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 11:58:28 GMT
etag: W/"66210ae4-217e9"
expires: Sun, 16 Apr 2034 12:36:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1538
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b40d3cb7712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/css/56657.0f68ac264.css | 154.197.121.128 | 200 OK | 28 kB |
URL: 1win-cdn.com/css/56657.0f68ac264.css (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: ASCII text, with very long lines (28379)
Hashes: MD5 e75c0ab8027f42b820a9688da88c2fbc | SHA-1 0000148be7fb08acf84277d20b3cdef610eb89b5 | SHA-256 1eac02249cd6697abecc7f19e18f5e698a88a6d59dbfab4a985106c79fa33fb4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/56657.0f68ac264.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-6edc"
expires: Sun, 16 Apr 2034 12:36:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1226278
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4113aec712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png | 154.197.121.128 | 200 OK | 20 kB |
URL: 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 600 x 295, 8-bit colormap, non-interlaced
Hashes: MD5 b924bd42443557a1ef9d41f043ddf175 | SHA-1 a9db601e2941557cba7e3e688390aa43e8411e2e | SHA-256 8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:57 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620fe2b-5414"
last-modified: Thu, 18 Apr 2024 11:04:11 GMT
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 16:36:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b412acdb712f-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/ct%20interactive.74b20dbc3.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: 1win-cdn.com/img/ct%20interactive.74b20dbc3.svg (GET, HTTP/2)
IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wwgth.life/?open=register
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 e709608dd45ff01d7f75d21bc3534e1e | SHA-1 d45bc1ea2a957ab8113ecf7da9564be00207c6d4 | SHA-256 d3909007c8efcbb7e2d3fdabe0dde74063c3efcd76d989f83f6d128b89494b2f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ct%20interactive.74b20dbc3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwgth.life/
Cookie: __cf_bm=9mujgz8SIC0kSUiq93lQpxGZ51.lcCnb.KNXileypiM-1713443816-1.0.1.1-VcZY37zYNQW0YVdCGP0akYG1i.DbUn1LmLzcRsVkczyXoG5NndntgUXYX0xVciHVGAivFMTFDxsKoj_uobIe0g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:36:58 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 10:12:02 GMT
etag: W/"6620f1f2-889"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 18 Apr 2024 16:36:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764b4180d93712f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
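Reading the records above by eye, the points a reviewer would pull out are: every request from https://1wwgth.life/ to 1win-cdn.com carries `Sec-Fetch-Site: cross-site` together with a `Cookie:` header, which is only possible because the `__cf_bm` cookie is set with `SameSite=None` (the banners record shows exactly that `set-cookie`); the JavaScript bundles (desktop.3d1bcbde1.js, 10400.3cf244941.js, 31310.c605a9b9f.js) are served with `access-control-allow-origin: *` and a ten-year `max-age`, so a page embedding them from another origin has no protection beyond the CDN if a bundle is ever replaced; and the "File type" field is a libmagic guess, not a content check (31310.c605a9b9f.js and the banners JSON are both labelled "troff or preprocessor input" while the `content-type` header says JavaScript and JSON). The following is an added example for this page, not part of the dump or of any 1win tooling: a small parser for the request/response blocks in the format the dump prints them, the checks just described run over three excerpts of the page's own records (cookie values shortened), and a helper that turns the SHA-256 the dump lists per file into the `integrity` value a `<script>` tag would carry. The SRI helper assumes, as urlscan-style tools do, that the listed hash is over the decoded body rather than the gzip stream; the check thresholds are this example's choices.

```python
"""Triage helpers for a urlscan-style transaction dump like the one above.
Added example for this page, not code from the dump or from any 1win tooling;
the three exchanges are excerpts of the page's own records, the checks are mine."""
import base64
import re
from dataclasses import dataclass

ONE_YEAR = 365 * 24 * 3600


@dataclass
class Exchange:
    method: str
    path: str
    status: int
    req: dict   # request headers, names lower-cased
    resp: dict  # response headers, names lower-cased


def _headers(lines):
    out = {}
    for line in lines:
        name, _, value = line.partition(":")
        out[name.strip().lower()] = value.strip()
    return out


def parse_exchange(text: str) -> Exchange:
    """One block as the dump prints it: request line and headers, then the
    status line ('HTTP/2 200 OK') and response headers, with no blank line between."""
    lines = [ln for ln in text.strip().splitlines() if ln.strip()]
    split = next(i for i, ln in enumerate(lines) if ln.startswith("HTTP/"))
    method, path, _ = lines[0].split(" ", 2)
    status = int(lines[split].split()[1])
    return Exchange(method, path, status, _headers(lines[1:split]), _headers(lines[split + 1:]))


def max_age(cache_control: str) -> int:
    m = re.search(r"max-age=(\d+)", cache_control)
    return int(m.group(1)) if m else 0


def imgproxy_source(path: str) -> str:
    """'/unsafe/<options>/plain/<source url>@<ext>' -> <source url> (plain form only)."""
    return re.sub(r"@[A-Za-z0-9]+$", "", path.partition("/plain/")[2])


def findings(x: Exchange) -> list:
    out = []
    cross_site = x.req.get("sec-fetch-site") == "cross-site"
    age = max_age(x.resp.get("cache-control", ""))
    if (cross_site and x.req.get("sec-fetch-dest") == "script"
            and age >= ONE_YEAR and x.resp.get("access-control-allow-origin") == "*"):
        out.append(f"third-party script cached {age}s with ACAO *: pin it with SRI")
    if cross_site and "cookie" in x.req:
        out.append("cookie sent on a cross-site fetch (a SameSite=None cookie)")
    if x.path.startswith("/unsafe/"):
        out.append("unsigned imgproxy URL, source " + imgproxy_source(x.path))
    if "set-cookie" in x.resp:
        attrs = {a.split("=", 1)[0].strip().lower() for a in x.resp["set-cookie"].split(";")[1:]}
        missing = {"secure", "httponly", "samesite"} - attrs
        if missing:
            out.append("set-cookie lacks " + ", ".join(sorted(missing)))
    return out


def sri_from_hex(sha256_hex: str) -> str:
    """SRI integrity value from the SHA-256 hex digest the dump lists per file."""
    return "sha256-" + base64.b64encode(bytes.fromhex(sha256_hex)).decode()


def hex_from_sri(token: str) -> str:
    return base64.b64decode(token.partition("-")[2]).hex()


# Excerpts of three records on the page (cookie values shortened, other values verbatim).
DESKTOP_JS = """GET /js/desktop.3d1bcbde1.js HTTP/1.1
Host: 1win-cdn.com
Cookie: __cf_bm=<value as on the page>
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=315360000
access-control-allow-origin: *"""
BANNERS_API = """GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
Origin: https://1wwgth.life
Sec-Fetch-Dest: empty
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: max-age=0
set-cookie: __cf_bm=<value as on the page>; path=/; expires=Thu, 18-Apr-24 13:06:57 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None"""
IMGPROXY = """GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
Cookie: __cf_bm=<value as on the page>
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000"""
DESKTOP_JS_SHA256 = "3b860f1c58b824ef2130e65580b91c6b435fa77ff60a1dfa94be836ece24303c"


def triage() -> dict:
    """Run the checks over the three excerpts, keyed by a short record name."""
    raws = {"desktop.js": DESKTOP_JS, "banners": BANNERS_API, "imgproxy": IMGPROXY}
    return {name: findings(parse_exchange(raw)) for name, raw in raws.items()}
```

`triage()` reports two findings for the desktop bundle (long-lived cross-site script without SRI, cookie on a cross-site fetch), two for the imgproxy image (cookie, unsigned URL) and none for the banners API: that request carries no `Cookie:` header at all, and its `set-cookie` already has `Secure`, `HttpOnly` and `SameSite=None`. `sri_from_hex(DESKTOP_JS_SHA256)` is the value to put in `integrity=` if desktop.3d1bcbde1.js were ever embedded from a page you control.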