Report - 1wmlv.com/

Report Overview

Visited public
2025-01-02 05:08:08
Tags
Submit Tags
URL
1wmlv.com/
Finishing URL
1wmlv.com/
IP / ASN
186.2.162.102
#59692 IQWeb FZ-LLC
Title
1win

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

380

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2025-01-01	2.5 kB	2.5 kB	216.239.34.36
www.google.no	25607	2001-02-26	2012-06-26	2025-01-01	720 B	578 B	142.250.74.131
res.1wcommon.com	unknown	2024-12-02	2024-12-05	2024-12-28	27 kB	244 kB	91.235.132.77
cf.1win.direct	unknown	2022-08-16	2024-10-22	2024-12-28	604 B	348 B	154.197.121.130
1wmlv.com	unknown	2024-05-26	2025-01-02	2025-01-02	29 kB	531 kB	186.2.162.102
v1.bundlecdn.com	unknown	2024-07-24	2024-07-27	2024-12-29	56 kB	5.7 MB	154.197.121.128
d16q5vvir3f28d.cloudfront.net	unknown	2008-04-25	2024-01-17	2024-12-29	456 B	4.1 kB	143.204.42.156
www.gstatic.com	unknown	2008-02-11	2012-05-29	2025-01-01	470 B	561 kB	142.250.74.35
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-01-01	879 B	405 kB	142.250.74.168
imgproxy.v1.bundlecdn.com	unknown	2024-07-24	2024-07-27	2024-12-27	16 kB	771 kB	154.197.121.128
www.google.com	7	1997-09-15	2015-05-10	2025-01-01	744 B	538 B	142.250.74.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-02	medium	1wmlv.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed
2025-01-01	medium	bundlecdn.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (90)

	URL	From	Size	First Seen	Last Seen
	res.1wcommon.com/AeTnOIOEjxR5aKsn?4abe39a3289b8190=CvLF27J0EkoIIMJIftvmfGji87ZMCh1hFbqk9GojRffg6Segm8kmMga9yPSx0VptA_BqKY4TUZgCTjf75sffioPdvaH2PL-YzzgrA5vaktdPRSIqsJpcxJWnltZjL_bsgkVMVDpY_-DPJmJKxFcj4SIFutU&jb=3136246c716135316d6766336431353a346a6a3c613632303b3a33343533363661636430326235	ScriptElement	0 B	0001-01-01	2025-07-22
Pretty URL res.1wcommon.com/AeTnOIOEjxR5aKsn?4abe39a3289b8190=CvLF27J0EkoIIMJIftvmfGji87ZMCh1hFbqk9GojRffg6Segm8kmMga9yPSx0VptA_BqKY4TUZgCTjf75sffioPdvaH2PL-YzzgrA5vaktdPRSIqsJpcxJWnltZjL_bsgkVMVDpY_-DPJmJKxFcj4SIFutU&jb=3136246c716135316d6766336431353a346a6a3c613632303b3a33343533363661636430326235 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-22 07:03 Times Seen5489799 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	v1.bundlecdn.com/js/71649.0689719c4.js	ScriptElement	8.0 kB	2024-12-25	2025-01-16
Pretty URL v1.bundlecdn.com/js/71649.0689719c4.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-25 20:47 Last Seen2025-01-16 03:00 Times Seen145 Hash cc172dd1b571fe020e0891ced0c42b26 eff9c16b32d4b358e8d7faf55f781a67631662b9 2e8ab82f86091c6aebccbfa2c59501868fa057291e4816db18049f1e3b049f66 Loading...

	v1.bundlecdn.com/js/17832.eeeb495ed.js	ScriptElement	12 kB	2024-12-24	2025-01-08
Pretty URL v1.bundlecdn.com/js/17832.eeeb495ed.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-24 11:43 Last Seen2025-01-08 07:48 Times Seen96 Hash 32e4845d7727077bbabfa1a5fbecdf67 2519bbf369c31f4d566a93fd7c4a6ff68ff5d982 c6bf1386365a65edc17e3bd32908513521a45f68b69af3ee62a71280d5db73c3 Loading...

	v1.bundlecdn.com/js/41543.798d13104.js	ScriptElement	695 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/41543.798d13104.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1045 Hash 48813f2325a439cb966c5096fc8a810a fb44ed9fb85edbd34701708c1fa10cfaa3f07bcd de64ce06fbb042ecead3cf7684326db4f0c50ac26ba91a99d3399f7de24f6ded Loading...

	unknown	ScriptElement	456 B	2024-04-18	2025-07-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36 Last Seen2025-07-21 12:53 Times Seen1954 Hash e52b0f59624f8e74a8b3057ff5435c61 2751ea57dea85000a4310b8ce1ed42f128e15669 59024c214314c5b5bf32ca19d50e94e1bdd916c1876a2c3b982dc22bffa98340 Loading...

	unknown	ScriptElement	2.6 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 2da4ee37c08d4069b8002b87e9a26303 95f7a7ca50057f3c0b8b04f459efb6bc36ac086a 04bdf63754fdb97c79152ca15fd98c936f07e31971c9e5dcf4c5375a98f6aa3e Loading...

	v1.bundlecdn.com/js/78449.176d64123.js	ScriptElement	786 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/78449.176d64123.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1478 Hash c9e05b247ec4862225558c72b113350d 7708f2815c38e06b3f5ed4e9c6c98622b69e3f4a ba979bcf79cb56027207dfba2cb71ac9b41ad1f38b55a0977f72091dddaa6486 Loading...

	v1.bundlecdn.com/js/38209.eed097ae1.js	ScriptElement	1.3 kB	2024-02-20	2025-02-24
Pretty URL v1.bundlecdn.com/js/38209.eed097ae1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 22:52 Last Seen2025-02-24 04:39 Times Seen1262 Hash 72f73ddb269d565042120562c1ec0c63 36b9b7c3b8838355aae56c42478bdfa61f5250dd b333e8bd20e8f594718ef1c195192747680b0842c347179cf6ca55c81178a006 Loading...

	v1.bundlecdn.com/js/icons-pack-payment-full.a276033bc.js	ScriptElement	142 kB	2024-05-18	2025-02-24
Pretty URL v1.bundlecdn.com/js/icons-pack-payment-full.a276033bc.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-18 08:40 Last Seen2025-02-24 04:39 Times Seen761 Hash 86d09ae15753ec08cf050441a41ad602 05c72de729150385f071def5232f416422cc3f57 7598ea9b0f69a9d971822d733e343dc84d3ad5216c26a491a68315fc81235f3c Loading...

	v1.bundlecdn.com/js/20420.bd469c3d6.js	ScriptElement	573 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/20420.bd469c3d6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1481 Hash f5d89fb15e17f73b8c6bf23ec49acf32 451fa7acd3e8f232c6d8e5a9e2685226771fbb41 a763f290f9b6982825ca91925709d7ba82ca508514f91786fa29c44b4afa763a Loading...

	unknown	ScriptElement	2.7 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 6ab47ccd6b13af0aaab4c101af8154fe d3d093a6146021909013cef67d258aa169da26c6 dd1dc9340fcb8126cc6c32d3053fe09ab6daa412a632259e9f6f5e926a2efb21 Loading...

	1wmlv.com/	ScriptElement	14 kB	2025-01-02	2025-01-02
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash ab04fdabab69914bfed0ee6543fbffe6 0122fbe746406ee694e2c8b7ee4e7cadd224a614 ad2c6021656ad385779c1bcf7655c5bf62d0cda125510631a3b6d82b4ad3ad90 Loading...

	1wmlv.com/	ScriptElement	291 B	2024-12-30	2025-01-03
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-30 18:05 Last Seen2025-01-03 18:49 Times Seen67 Hash 00176f54911a036d6bde19cb18734a5c 32ef2e4459ee00b14a142a86d9b5ca6ecfbff5d5 d31f2b55152f59d7983c54516a5238bfc123bc286db00f6c569411d7653ba7dc Loading...

	v1.bundlecdn.com/js/18860.7fa49e9c9.js	ScriptElement	28 kB	2024-05-23	2025-02-24
Pretty URL v1.bundlecdn.com/js/18860.7fa49e9c9.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-23 15:28 Last Seen2025-02-24 04:39 Times Seen1089 Hash fdde7cbded7bc79fc00eecc5d489f9a6 617d0cfb7e05700d0db744f63c4f18c0693c204d 0f6e3e5c53c730a88de6f874ab17cb1283f0ed8580bb22b57578f4f0d601f700 Loading...

	unknown	ScriptElement	1.1 kB	2024-12-05	2025-07-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-05 14:28 Last Seen2025-07-22 06:49 Times Seen2400 Hash e679df6b5f2132d375100d7659db03f1 5ad7e81b0c4143714c09344927ec63cfd8fef2c6 11c9a648b310c0f1526ea7230a0ca7c163c668e5666f89ad1ef77e03874e1d81 Loading...

	v1.bundlecdn.com/js/60385.2b555ff35.js	ScriptElement	9.2 kB	2024-12-25	2025-01-22
Pretty URL v1.bundlecdn.com/js/60385.2b555ff35.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-25 20:47 Last Seen2025-01-22 02:53 Times Seen154 Hash d0e88123175d318fc614dcc736812c57 7ed8effa2a3383f7265e930b25031f4d3150057b b73db4017acfb50e3ecc797650b2560685c1a3a64edf837aa6367f3c42711029 Loading...

	www.google.com/recaptcha/api.js	ScriptElement	870 B	2024-12-12	2025-06-02
Pretty URL www.google.com/recaptcha/api.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-12 17:12 Last Seen2025-06-02 17:27 Times Seen2291 Hash 959fca740c230726e5a7cdf2b7603468 1fa3eb9690cb728a4ba96846bd8eac87fa914073 1a7a8da967879cf8c53e114c331242c5d44c39d4b4778a0824bc2f363504c3a5 Loading...

	unknown	ScriptElement	32 B	2023-03-07	2025-07-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19 Last Seen2025-07-21 22:08 Times Seen5531 Hash 16eff409565ed1d22c17d73ce417bd15 ae526f9ce16489f0ca53977b7722f56806555342 d7d8adcd29f47bcccb73dcfc9c2135200465d57df689f842a49311a5b000d7a3 Loading...

	res.1wcommon.com/TZrMDq5_qKtJmVtA?42dbecf641a137b0=UrBEgbmG-XYsujuapogyipm9twKZbhCcUvfZbLmL_kj0Q5hGLhDVbSI7KQMfgJiTIML5o6HaUNrKoW24U9011nR-QKJc0Sp2buqablOwxiyX55q-FhVaF-gLPy07qLr7IZR4r4yTDoqsRRDw1oEaCIl5q9g_rPTYQtXprHxaYSZH	ScriptElement	221 kB	2025-01-02	2025-01-02
Pretty URL res.1wcommon.com/TZrMDq5_qKtJmVtA?42dbecf641a137b0=UrBEgbmG-XYsujuapogyipm9twKZbhCcUvfZbLmL_kj0Q5hGLhDVbSI7KQMfgJiTIML5o6HaUNrKoW24U9011nR-QKJc0Sp2buqablOwxiyX55q-FhVaF-gLPy07qLr7IZR4r4yTDoqsRRDw1oEaCIl5q9g_rPTYQtXprHxaYSZH IP 91.235.132.77 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 3dc5af78933c7cdf18c08cf2150cf0c0 a1b8da26b74e0b2f0a15b3d8170faade58b73ff7 ad244a7a688d703b6c3a1d13e77113951387108d96aace7b8de0eec0c350cd6c Loading...

	1wmlv.com/	ScriptElement	25 B	2023-07-19	2025-07-22
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15 Last Seen2025-07-22 06:49 Times Seen3857 Hash 2a9c68b4e7022ff8ab044251b6be11b0 6ca1d5c1984d89a849b7aafd0cc76b1efe8d77dc 6cfd8751a565c9e7d402eaa68a6d30afdf9967813d60cc28d655578e1bec7b9c Loading...

	1wmlv.com/	ScriptElement	5.6 kB	2024-12-19	2025-01-31
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-19 22:39 Last Seen2025-01-31 09:28 Times Seen270 Hash e3f5c919968f745521686641d38d7777 f9dc28cedf7b34176619b96b2167fcfa8c47f94c a174fadc94c9d71ed43e176664d8f30f5a265526024092b3756a0eaaa7a43bf2 Loading...

	v1.bundlecdn.com/js/90511.4d14ae8a6.js	ScriptElement	637 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/90511.4d14ae8a6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1503 Hash 453f1fb8f8c37b6c5c54c40e87dd038b d91d34e4b68e63be767a3ce9cd34eaa3dd41172d 52fd79478fc6b3e236a696d22135ed0c09100b9e25ff9bf93fca315d9d4ba1de Loading...

	v1.bundlecdn.com/js/33700.57cbe42fa.js	ScriptElement	992 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/33700.57cbe42fa.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1309 Hash cca468f1fe1bebf60fb88dadcdb78142 a7c820f160c6a07b014972f8aa63e9b38f6b7ec3 0093434135f55115e84e92ac20ecc0af0ff6f9e200cc6cedbbb9d52c3504d678 Loading...

	v1.bundlecdn.com/js/8726.b096c9add.js	ScriptElement	664 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/8726.b096c9add.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1479 Hash d3791eaee8c4e61b0a5a83f911a88cee 1f439da3d55903466d31fb89708dac067916c057 c9810fa2298b1f0e1df7375b8259ba26174bb1a3d71cd5e33e2a584557179620 Loading...

	v1.bundlecdn.com/js/26670.5dddbd6ec.js	ScriptElement	1.3 kB	2024-10-11	2025-02-24
Pretty URL v1.bundlecdn.com/js/26670.5dddbd6ec.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-11 02:20 Last Seen2025-02-24 04:39 Times Seen462 Hash e3ee40e4a0b578140d446b2d5af64113 221418518c5ae7caf77c1b6cf6f65482b2ed10ec 82f30f7b355729f8713969007c01de0c13f7995ecf180be55428450d32bd4903 Loading...

	v1.bundlecdn.com/js/chunk-common.caa57e44a.js	ScriptElement	862 kB	2024-12-30	2025-01-08
Pretty URL v1.bundlecdn.com/js/chunk-common.caa57e44a.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-30 18:05 Last Seen2025-01-08 10:56 Times Seen99 Hash 4261306f22f8fe5607081431dad5a313 43634ccfda47eb83f6244f51286650af2e60b818 6a10cf12e8825cbc60150e3009a3313d64ae3bc1428574a4fb62e29e70512f56 Loading...

	v1.bundlecdn.com/js/68618.55f66bef0.js	ScriptElement	10 kB	2024-10-25	2025-01-14
Pretty URL v1.bundlecdn.com/js/68618.55f66bef0.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-25 19:56 Last Seen2025-01-14 07:13 Times Seen310 Hash 39ba557294165ba0ae55f87f1b1723c9 0f1d0d6c350abc907da9bbcc3000b092f23c2f34 a02620e43d94866ee4b3346309015dfa55fdfd4e6ce9c1bbbd284a3aea5cb753 Loading...

	v1.bundlecdn.com/js/1279.2ddf52e8a.js	ScriptElement	911 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/1279.2ddf52e8a.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1471 Hash 28141e290f6ef740409a896799581b45 68034ac9fe2c0e71bb8ccc868540963adf4ebc7f b563de728f7ad9022ef94968360931749d32898f02f524b66a73c2630126f4a3 Loading...

	1wmlv.com/	ScriptElement	87 B	2023-07-19	2025-01-31
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15 Last Seen2025-01-31 09:28 Times Seen1785 Hash 3795446a4317a989b0632a668bb1a334 56d14bb87a67b3ceb620bb61633db5e43099bd33 d28b1d0dcd44e2fdbb9ed061c9c7f5e0e0595e93b092464d38d76e335de3aed5 Loading...

	1wmlv.com/	ScriptElement	524 B	2023-10-13	2025-07-22
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 04:25 Last Seen2025-07-22 06:49 Times Seen3774 Hash 1cba076a7bc43f6c027239039206c8e3 b51a0930ec4aa4c5317c4771ade558fadec24239 c716ec7c8a8774ae64a4dc26521542f54ab78b436008474e797b7136299c9407 Loading...

	1wmlv.com/	ScriptElement	156 B	2024-12-30	2025-01-03
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-30 18:05 Last Seen2025-01-03 18:49 Times Seen67 Hash 6d232f37efd79890b89b8f079a1b03f1 ce0d226bd230623ab0d128b5c90c50f7932d0362 0ac3370e743d241e840c195029c328ea363ccdefa72d1737a98ccdde4d19f158 Loading...

	v1.bundlecdn.com/js/88971.fb97cb756.js	ScriptElement	529 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/88971.fb97cb756.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1053 Hash 88e4f6d7cb0faf6b16c158636a8553bf 357a27adf1b5615ee1897f13e0de0344254d9bea ad7459bd9492984b70993c16807c05a1b962c1e366d793cdd5646259f02b34c2 Loading...

	www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c&gtm=45He4cc1v894400803za200	ScriptElement	289 kB	2025-01-01	2025-01-02
Pretty URL www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c&gtm=45He4cc1v894400803za200 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-01 17:23 Last Seen2025-01-02 05:08 Times Seen2 Hash 63d491715b1054e6b873c0721c8c1379 3040675b80cfba4f24a1b0c4fb249d08644a666c 9d39a60fafe60f3c1309909745c544bab9f973a28fdf79a01ee1ac25603f3385 Loading...

	v1.bundlecdn.com/js/62692.32aba7b96.js	ScriptElement	847 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/62692.32aba7b96.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1507 Hash 9afe6681b5ea10a8c7663a970eeafd54 1e3dafa83d751066892246ba0fbc85966e83fcb2 a31e32a08b75b8ee000531454e3e63f3814ab6cb885e9f0434fe426bbcbc87e7 Loading...

	unknown	ScriptElement	2.5 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash ad5bdf64fa000f6ad101520e3426547f b876c1b625f812dda48a03f95f77f6f55b5ae6fb 00414f7d7d16a1c61e5562e1e7f4a61e28667e239d38e37b89a0c024cb271d7c Loading...

	v1.bundlecdn.com/js/75920.7cbfcde45.js	ScriptElement	1.3 kB	2024-07-18	2025-02-24
Pretty URL v1.bundlecdn.com/js/75920.7cbfcde45.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-18 14:58 Last Seen2025-02-24 04:39 Times Seen766 Hash 0b9ca5a37f606abb2ae30d08bb831f2c 6424b9af550360afe4d29b05565b1f2bac3ee3d9 ba7ae4465d1c40dea7111525d8b5530f06a8d131319e527cb2547a7ec1639086 Loading...

	unknown	ScriptElement	15 B	2023-05-09	2025-07-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 20:18 Last Seen2025-07-08 21:34 Times Seen12 Hash 5b9fa1b864c498924898378e14067ea3 0274d5f77c1d49c178f3c3a145fdc9ed2011d0d2 811cb151811a95407400354c6cdc5e6b03344b366936689d87d6c81d36cd5e0e Loading...

	res.1wcommon.com/T6ufYWTTc7qkRffr?28df18c4c6d95a4b=0A5q7UJ9MF8dber0ED0BDf9Cw_mU2vIrjxd2QKOCkmdUs1WtgxGa9ucBXJR7SJvrCqdrLnMcsrBJYL2TnigZviYD8KuAaQA_Sr-ITMV1okj7LrtYeG3GRTEEY2K0aCIiwJ1gplShgtzXkoB4q-kRtFFFDGFzqe4yolCv32uzU7KNCL98S08ZjMFdVrRRzXM8I_i9KH9-nFuVytRjNEw	ScriptElement	101 kB	2025-01-02	2025-01-02
Pretty URL res.1wcommon.com/T6ufYWTTc7qkRffr?28df18c4c6d95a4b=0A5q7UJ9MF8dber0ED0BDf9Cw_mU2vIrjxd2QKOCkmdUs1WtgxGa9ucBXJR7SJvrCqdrLnMcsrBJYL2TnigZviYD8KuAaQA_Sr-ITMV1okj7LrtYeG3GRTEEY2K0aCIiwJ1gplShgtzXkoB4q-kRtFFFDGFzqe4yolCv32uzU7KNCL98S08ZjMFdVrRRzXM8I_i9KH9-nFuVytRjNEw IP 91.235.132.77 ASN #30286 THM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash b3b11ac77c78caa313f8a3358e2bb990 4c69d0215cac61f122d544f5cf7fe210cc730dff 40bed8e664db0a41ed91865ebbe3cd32cb218016789e8ad99370a59d878e7348 Loading...

	1wmlv.com/	ScriptElement	168 B	2023-12-28	2025-06-22
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-28 18:15 Last Seen2025-06-22 15:49 Times Seen2450 Hash 457845cec6d736fd4ef36c7ef4b151f2 07936d0ba74365a8800c77fef3fb1407ec380ce5 bdb9495702f089c6d0a6d88e2e925a54c5ed3bb903835340562ce54d54dbd7e1 Loading...

	1wmlv.com/	ScriptElement	6.7 kB	2024-12-16	2025-05-12
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-16 11:54 Last Seen2025-05-12 13:13 Times Seen744 Hash dda2c929232dced520ab41226af6e9f5 05418125d2dfde37f8f015b4f008bd7f4632aefe 33ba9a64730fdbac54792a2f3d53cc603e648fbc1d817f0264e84d4618c247b9 Loading...

	v1.bundlecdn.com/js/64829.b5920df2e.js	ScriptElement	58 kB	2024-12-25	2025-01-08
Pretty URL v1.bundlecdn.com/js/64829.b5920df2e.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-25 23:47 Last Seen2025-01-08 07:48 Times Seen85 Hash 36ef47c7b0c5094c52387d6c8c30b683 1e480a0307eef660cb8641bd6faeddb9907064af 9d4580e3ac7b3d61bfe93d0500bc98c5700c899fa4a87561a679c7f9a4a68526 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7	ScriptElement	326 kB	2025-01-02	2025-01-02
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 0d305ef7e5384b5fac107c3aa48eaa13 d184b45c4622781107179ddaddcd6f53929a4089 71ef6653cdaf9bfa6bc9700922da4a0215514b9e6fa3c036a965de46dc05cdbe Loading...

	res.1wcommon.com/1x2cIR7yrA0bYh0c?0ef3aa0d1cdfba90=9I4Ri9FGcP0qP7GUQDz5spfgbgEJTNTNM3qoOLNMaGSrKtju-EsoFR0aoLxFw22YIzN9XQqPJPCi41w4J9cdo5ozsfbvmyapoWetNdwP86HOknH31ypLnX6N6fpJ9psxx3dbqWNUMaka9DgrcRccu6Q4zv3KkG58s8osqGxJzvsX26PH72f5nvp400DUvdgy1DT9mbnbf0KPrhQf&jb=3138242668736775354e696c7570266271673544696e7770246873623f46697065646f7a2732323934	ScriptElement	395 kB	2025-01-02	2025-01-02
Pretty URL res.1wcommon.com/1x2cIR7yrA0bYh0c?0ef3aa0d1cdfba90=9I4Ri9FGcP0qP7GUQDz5spfgbgEJTNTNM3qoOLNMaGSrKtju-EsoFR0aoLxFw22YIzN9XQqPJPCi41w4J9cdo5ozsfbvmyapoWetNdwP86HOknH31ypLnX6N6fpJ9psxx3dbqWNUMaka9DgrcRccu6Q4zv3KkG58s8osqGxJzvsX26PH72f5nvp400DUvdgy1DT9mbnbf0KPrhQf&jb=3138242668736775354e696c7570266271673544696e7770246873623f46697065646f7a2732323934 IP 91.235.132.77 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash b90f8870f03f91d37abb9cccae19610a e188987b0f24ab3ae98e854c31b5960090853062 3043315e345a454ad467a1a5f1e07ec06ccec3a00c4a2d0a6f18efbb09df1dad Loading...

	1wmlv.com/	ScriptElement	5.6 kB	2024-09-03	2025-02-24
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-03 19:30 Last Seen2025-02-24 04:39 Times Seen600 Hash d63a710ffa76a58c9219af32e8dcd566 ed024892b9ee812add471d373f73c5298e2ee339 1fad51263d230be6525f78342aebb5cc504819d3c9f1e91cd9f4115a6016c01c Loading...

	v1.bundlecdn.com/js/index.a08d81d4e.js	ScriptElement	271 kB	2024-12-30	2025-01-03
Pretty URL v1.bundlecdn.com/js/index.a08d81d4e.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-30 18:05 Last Seen2025-01-03 18:49 Times Seen67 Hash 49fd361e5cc00702d43383286757ebb0 830c279a84e898075b05816c3b6b683db6d79b84 533531f86431ff348069dccf9baea65ce0534c7a5a71330c8dc976edc4677051 Loading...

	v1.bundlecdn.com/js/82528.9e2dc2c8c.js	ScriptElement	313 kB	2024-12-30	2025-01-03
Pretty URL v1.bundlecdn.com/js/82528.9e2dc2c8c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-30 18:05 Last Seen2025-01-03 18:49 Times Seen67 Hash 0f9119ac4873728499303fcb8183d4f1 7c3c961d235532d2605c9a6b438cd1b8a49d0a50 cb3175e3bcba5bb93c8af9bcb4d2a62eadaef1b134d6dce535aa94815794d54b Loading...

	v1.bundlecdn.com/js/28852.1642f4cbc.js	ScriptElement	906 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/28852.1642f4cbc.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1501 Hash 8c454f4f9b542fe39f23206bc649d0ad 5c87d1e9b3f6f05694adea0524cd5c421222b368 429057a98cbc1fc117e33580ec952a3b52377602b06e702e1099b11891183cf9 Loading...

	v1.bundlecdn.com/js/8653.80b20a8f2.js	ScriptElement	952 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/8653.80b20a8f2.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1046 Hash 6cb37362c9f47f9da06554dee435ff92 e34a75d99c356fe77ecca00e4bf6ce46fbe51e6c 8c951bf88d9566dc954964f5498e4acc49f3080391c11c96500964f87ddf701d Loading...

	v1.bundlecdn.com/js/icons-pack-social.8aa428c6e.js	ScriptElement	26 kB	2024-04-24	2025-01-21
Pretty URL v1.bundlecdn.com/js/icons-pack-social.8aa428c6e.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28 Last Seen2025-01-21 03:04 Times Seen653 Hash 1b14185591d9bcf20bd451f8e80432b5 b234f9245842f8270f24b137798dab716dca4f96 8fe516d4373eef98060bd7bd9a38c40915c5628bd90429ee567feeb3ff5e3bcb Loading...

	v1.bundlecdn.com/js/62825.f936628cb.js	ScriptElement	736 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/62825.f936628cb.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1046 Hash 28e8d81ce74785fd3e402ba70f30570e ac5e4809cee47c9ac0f08221da5ab8358986d564 a7928d556c13082bd24d471ea1824a8771b146b4010e05159c35dddc32927c18 Loading...

	unknown	ScriptElement	1.2 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 46c49f02d3ee03ee2a44818c35b903a5 b7d4590df0748781bd073c833449ab0031d903b5 626bd80fe72dee7da953acba8c3548e5835acead7f74508de36bde19adeaf17b Loading...

	unknown	ScriptElement	2.7 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 51d07c2c13d6a2ba2c9bc17125627ecb 7bb650e3e90f5499368e44a8616c1cf0f006b4eb 8c8693dde81ebeb1c2b369e87626a31a0a28bb2b9474ee1463ebdae9c7ab233a Loading...

	res.1wcommon.com/JBjT7__2NcB1eqtx?de2b90ac3ce764ef=6xKxYFo15LjpvvhKuIhFK72BgZbIJeh5Cw-LZnmUBcxD0VxPuC99P0jVudrO_HPBBEg59Ezk9XPe09HIr8YTy5Fyhdfc6KTt1uTLfpYCChCu6D1IN2qmUXtURoFSP5zslzZKIoW4sC-q0HBkVdLhtqS-JtB-shXFBVUPjt6rsh2W6VCnuqBheh4BH6AW7gGZFhV8t0obUyu9365vA0xx	ScriptElement	99 kB	2025-01-02	2025-01-02
Pretty URL res.1wcommon.com/JBjT7__2NcB1eqtx?de2b90ac3ce764ef=6xKxYFo15LjpvvhKuIhFK72BgZbIJeh5Cw-LZnmUBcxD0VxPuC99P0jVudrO_HPBBEg59Ezk9XPe09HIr8YTy5Fyhdfc6KTt1uTLfpYCChCu6D1IN2qmUXtURoFSP5zslzZKIoW4sC-q0HBkVdLhtqS-JtB-shXFBVUPjt6rsh2W6VCnuqBheh4BH6AW7gGZFhV8t0obUyu9365vA0xx IP 91.235.132.77 ASN #30286 THM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 8d470c896d034d00d0cc75e52e4059df 3950f180c65632282caecdc09f866b44313a281c fd4dbd206aa82782f91c98e4abe710e264c2645b76650589ef3ed349d3245b24 Loading...

	1wmlv.com/firebase/8.1.1/firebase-app.js	ScriptElement	20 kB	2023-03-07	2025-07-22
Pretty URL 1wmlv.com/firebase/8.1.1/firebase-app.js IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45 Last Seen2025-07-22 06:49 Times Seen3866 Hash 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce Loading...

	v1.bundlecdn.com/js/86503.87a028c90.js	ScriptElement	12 kB	2024-12-25	2025-01-29
Pretty URL v1.bundlecdn.com/js/86503.87a028c90.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-25 23:47 Last Seen2025-01-29 06:42 Times Seen110 Hash 90b6ed50762999309a7a3da74ea64a5c 4ff8f43a12e167189e848f0a1efb8b0cc9c55483 515e8c26feace3dfbf25eb661bacf4923ba11565c182a83364c4c225ed6f2aad Loading...

	v1.bundlecdn.com/js/91217.c8a6215ce.js	ScriptElement	828 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/91217.c8a6215ce.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1504 Hash ba2b6cee07a00d456f358cd9e2bf7ffc 77c0332cc2baee5b4783b7c60294284222603a97 d071f74f942a98bf42fb73282a6a91ffaf9eeb116dd49dd0900ffc396d537704 Loading...

	v1.bundlecdn.com/js/91635.244847c5e.js	ScriptElement	748 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/91635.244847c5e.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1505 Hash e51646e9aa8ede0120c324fc7f1b980c d15bed4653a73a03424bc09e7746ad922a01579c 902ca682d52d4ae2808e187bbae9b7128712d732d7d5eda4cf1bad017d4f9521 Loading...

	v1.bundlecdn.com/js/57652.205716ee3.js	ScriptElement	647 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/57652.205716ee3.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1503 Hash 216ec24dc6b69039aa6f2ffe247e3d23 a699b435adab6e2d4e00853d5bb26ecc4e3599dc b3448f22c1183376e60f5959e8eeb55db3157f8ce74e60e72cb8b3b0db97ea50 Loading...

	unknown	ScriptElement	1.2 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash ca7845f23b6055d9b5d3baaec842c330 f6de1b7f7f1af382077b1390e466bf16b0ccad8a 3e4155d4b1a7df69f8a11ebf32ad522f44c9e4f4b630c22404bd757e79660c12 Loading...

	unknown	ScriptElement	315 B	2024-12-24	2025-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-24 19:48 Last Seen2025-04-24 07:39 Times Seen658 Hash 43d9e84a9efe85c58b596d86cfeea667 d6467405842f3c63594b546c36a6193e961223c8 a58700cec5d1c5ef7a4b5467e7ad33a7c1f8572744fd5436048fb7dff9901904 Loading...

	v1.bundlecdn.com/js/icons-pack-home.05bac7a6f.js	ScriptElement	20 kB	2024-11-30	2025-02-24
Pretty URL v1.bundlecdn.com/js/icons-pack-home.05bac7a6f.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-30 19:22 Last Seen2025-02-24 04:39 Times Seen284 Hash bd56ddb50b7c8ff86ef871b5dae658c5 b94c4918fe2df1b74c9e98cc54a40c03f1d8788d 44cc780feffe2428d19fb77940196e2637ecd202d69e842ef2c6d5544c055b7b Loading...

	res.1wcommon.com/bs7qqzjeeal6kblg.js?pl8k35lffzuhuc3d=3fb27s7b&sfrl0mtkdj3c2sba=7db5258a-2e20-4978-9eeb-cc5e24ac034c	ScriptElement	99 kB	2025-01-02	2025-01-02
Pretty URL res.1wcommon.com/bs7qqzjeeal6kblg.js?pl8k35lffzuhuc3d=3fb27s7b&sfrl0mtkdj3c2sba=7db5258a-2e20-4978-9eeb-cc5e24ac034c IP 91.235.132.77 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 528e6f4b4fe7d00d52f1f2488a8ae962 6c889cdd8f635cdb2f2d18ec52be3cc744b64489 bafca11845149efb8d27c90b3bf72e6b5d556d1e50f7b47c5beb286271188cd1 Loading...

	v1.bundlecdn.com/js/desktop.401b842f8.js	ScriptElement	127 kB	2024-12-28	2025-01-08
Pretty URL v1.bundlecdn.com/js/desktop.401b842f8.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-28 15:10 Last Seen2025-01-08 10:56 Times Seen114 Hash 2b2fa4c9b39e9ceee9302d6fb015dd4d a33f01327cfe66b54a99a160892be268214369e2 b40d21e46168b276ff84b109058b7613fe54f138102f588ee8c43d3bceeafccd Loading...

	v1.bundlecdn.com/js/88627.a855d83e5.js	ScriptElement	95 kB	2024-10-03	2025-04-28
Pretty URL v1.bundlecdn.com/js/88627.a855d83e5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-03 17:52 Last Seen2025-04-28 04:46 Times Seen688 Hash 3be46d4a6d65c54de2d6b32f7d833fbd 920ac70d59a4a2e9f17d2c1c6bae5f994d177c5a 0df80e683567034f90980270484b932ad5b391c66eb61244f26ef6a6ca3d04b5 Loading...

	v1.bundlecdn.com/js/36931.b9464455e.js	ScriptElement	26 kB	2024-12-25	2025-01-08
Pretty URL v1.bundlecdn.com/js/36931.b9464455e.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-25 23:47 Last Seen2025-01-08 07:48 Times Seen85 Hash 6c7d2514293b4d2a3d44e863f1dd80b3 d579f531c43f5fe7e1cd41a9e24a3881bc37cefc f6fe0e87cf89a7e541cc2b4f8c66256fab44a9a01ccd4f952acf479c723fc07d Loading...

	v1.bundlecdn.com/js/46719.6e7050b21.js	ScriptElement	527 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/46719.6e7050b21.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1053 Hash 4aed1e3e32871424dc1c549529ea26b8 1d2f8b2c24659b65a6c8fd249b156d8f668d46fa 579590204e7c01d12d85ed9d70750b3260a0212c70a9fdb264bce2a83449721a Loading...

	v1.bundlecdn.com/js/35967.7afed69d8.js	ScriptElement	958 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/35967.7afed69d8.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1051 Hash 9806bcc449ce96d93fe65bcffdc05c40 1a041edc174e43e94299ee18ebdb25b7b49b3036 56aec7b45747b8a8d71302ffa3af8d1f05dda5ae85e3dcc26905549c63c251a6 Loading...

	v1.bundlecdn.com/js/58258.c2b2b6c85.js	ScriptElement	2.7 kB	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/58258.c2b2b6c85.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1043 Hash 429e788491131cf7a26b1e1b4b80ee2e f03316b5749e994f600acf4730886b5be0d136f8 30993561b31b29a22b8b7e999f66952c341241534c5494303bcb8bc07b5ad3e3 Loading...

	unknown	ScriptElement	2.7 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 7713ddf0c6f469f810f65c919aca6840 2b9531ebe30b46d006512c019039e9d0c9a6e732 dbb2c7187ef2792c271b3adf9cff7e003097c3a387c104c22353f6a2f9329945 Loading...

	1wmlv.com/	ScriptElement	457 B	2024-09-18	2025-07-22
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-18 22:27 Last Seen2025-07-22 06:49 Times Seen2300 Hash 8b7e344b3b48d3604aa6384ddcbf3ebe 267186b1d53cb03b9434616691927c8565e69a38 c721f2fc1e31b7eb8285cc9aa4c368382dc6a7647f68df85d0d3cb096d8703f4 Loading...

	v1.bundlecdn.com/js/64419.f2a0c4eb3.js	ScriptElement	72 kB	2024-12-28	2025-01-08
Pretty URL v1.bundlecdn.com/js/64419.f2a0c4eb3.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-28 15:10 Last Seen2025-01-08 10:56 Times Seen114 Hash a74806724ecd17e69fafdafa143409af 1e7d015d918806b526787c1e0739c2b8c5d3514d 9a7907cd1462c7c88922452fcadbb27f6492df6c3f7824a933d2092e94ac0f5e Loading...

	v1.bundlecdn.com/js/82369.85ff69ced.js	ScriptElement	31 kB	2024-12-23	2025-02-24
Pretty URL v1.bundlecdn.com/js/82369.85ff69ced.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-23 16:37 Last Seen2025-02-24 04:39 Times Seen263 Hash f189295544414db4736d4ac2ff800652 f7fee96e2198d7845bf30a14a59512c39cd4b30c 0de70879222b252b034e15aa7edd616e4e9ef04cd9dd70dd9b316987c21067a1 Loading...

	res.1wcommon.com/chuuIfd-u9EyCe7R?5c9829b7d530e3c6=IHRhFfAAhP-3rNPojcXDDGlmQWlXnMDkAuCcviwvVaoRB2D2DPsv_zPIG1I1sNPl7ZgN3l-qilFPcyzJpR2r5OmilyJasCFFPYy4Fc1KTwBr3LQtW87AUxW0mYQoIn49yS2DTA-VDumPzxhXB7cFEg&fr	ScriptElement	134 B	2025-01-02	2025-01-02
Pretty URL res.1wcommon.com/chuuIfd-u9EyCe7R?5c9829b7d530e3c6=IHRhFfAAhP-3rNPojcXDDGlmQWlXnMDkAuCcviwvVaoRB2D2DPsv_zPIG1I1sNPl7ZgN3l-qilFPcyzJpR2r5OmilyJasCFFPYy4Fc1KTwBr3LQtW87AUxW0mYQoIn49yS2DTA-VDumPzxhXB7cFEg&fr IP 91.235.132.77 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash a872dcfd0b3f308c9a37b8aab8e815a5 70aca77ee6177686a6c10f4672fb185ccbc1ab28 0ddb97f2e4bda6110dd049382dc3b71da72359b4858b2b19b466cb3f4e696dcf Loading...

	res.1wcommon.com/mE2s651G9dMegDhL?42cff4ba1c4602cd=4HFeaFKxT1dxMn4lBgehGk7FuhpIA7iLAh-G3FU5ved-Eek7roFux9xHHHcn6o6qT0q11Qt4F8-5Pd3qJ96YRI8UiAP3YCLddqVVMTryvTNVfrW81w7dAyAmX2X02FWiqQR_QldRPyY07g3UWdOZdztmU_rEdONpYVCBtN2stLahgV1gcyoPfCRiawY05V5i79GONvQ-EL8g3lNqRZ7Ib9dty38&sera_parametere=UxYFAAIFAQBSUl4BBwoNUwxRXFYEVwwDXlNeBQYHUFQBU11RDQAAVwVVCkJDQAkPWxZNEUZECiFDB3pBB3cRVAUMSwBZBFQACERLQQN3EVF3Vh1ScUQLVQ5fSxBDFgciEFF6QAIlHwEPDQ8ABgBSVwZQAAAAVVsABFJbUVZVVldUAw0HBVULXAIAXF0GBgZVBFYeC1oPWgBbBV5cVQZVX1AACF1RUQpRABZSFw0DTFFWVlkHAFEBXFYFWQJSUgVWUVMJUQAAWgBSA1lcVFEAX1ZUXFMHBQlDB1kFVQIEAlMTD1FYGFAfFQ8NAV0JCgxAXQ0FQ1dcfwwUVV4LSBVWEAhfDkNXDkpYKllWEUgVVwQIElwfagJYCQpSWQdbFVESCFcJXQ%3D%3D&count=0&max=0	ScriptElement	35 B	2024-11-13	2025-07-19
Pretty URL res.1wcommon.com/mE2s651G9dMegDhL?42cff4ba1c4602cd=4HFeaFKxT1dxMn4lBgehGk7FuhpIA7iLAh-G3FU5ved-Eek7roFux9xHHHcn6o6qT0q11Qt4F8-5Pd3qJ96YRI8UiAP3YCLddqVVMTryvTNVfrW81w7dAyAmX2X02FWiqQR_QldRPyY07g3UWdOZdztmU_rEdONpYVCBtN2stLahgV1gcyoPfCRiawY05V5i79GONvQ-EL8g3lNqRZ7Ib9dty38&sera_parametere=UxYFAAIFAQBSUl4BBwoNUwxRXFYEVwwDXlNeBQYHUFQBU11RDQAAVwVVCkJDQAkPWxZNEUZECiFDB3pBB3cRVAUMSwBZBFQACERLQQN3EVF3Vh1ScUQLVQ5fSxBDFgciEFF6QAIlHwEPDQ8ABgBSVwZQAAAAVVsABFJbUVZVVldUAw0HBVULXAIAXF0GBgZVBFYeC1oPWgBbBV5cVQZVX1AACF1RUQpRABZSFw0DTFFWVlkHAFEBXFYFWQJSUgVWUVMJUQAAWgBSA1lcVFEAX1ZUXFMHBQlDB1kFVQIEAlMTD1FYGFAfFQ8NAV0JCgxAXQ0FQ1dcfwwUVV4LSBVWEAhfDkNXDkpYKllWEUgVVwQIElwfagJYCQpSWQdbFVESCFcJXQ%3D%3D&count=0&max=0 IP 91.235.132.77 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-13 14:18 Last Seen2025-07-19 00:24 Times Seen14 Hash d7fc0bbe1e0676a36e0186c03f1fcc6f 40c6af2957cc989998210e1993f0ef0b34de0572 22526685649e1c32efe41802fd96787618bee9fe61873bfe0dbe7f71211e7b84 Loading...

	unknown	ScriptElement	2.7 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash c83cb54acefed521fdafca974712bc4b 58a154bda1b42f69dd48e69b23685100fff97741 50a1ca98397232c205dd9e76eb6e21fd7ad423e08bd71e910206c11b5791e9b9 Loading...

	1wmlv.com/core-js/3.33.3/minified.js	ScriptElement	244 kB	2023-11-30	2025-07-22
Pretty URL 1wmlv.com/core-js/3.33.3/minified.js IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 12:06 Last Seen2025-07-22 06:49 Times Seen3550 Hash 97ef15810bfd714fbb6955466693fa81 c33a9988b77ff3a02fd14874f2308ccf1739f8c4 e150f69a7ae98980592fe81f0f664c242834976066cb0fc326331d8983b63515 Loading...

	1wmlv.com/	ScriptElement	270 B	2024-03-30	2025-07-22
Pretty URL 1wmlv.com/ IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44 Last Seen2025-07-22 06:49 Times Seen2949 Hash 289bc12eac8d1333c742852d93dd0e77 931edfd193daa1e31e14e475d0dd467e66a33e19 87cc625c5c98e7a5971dace6ce6fc444053dd92da11a36c62ee5ed3c6f56fcb6 Loading...

	v1.bundlecdn.com/js/86359.7c408a029.js	ScriptElement	634 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/86359.7c408a029.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1503 Hash a9c94358d9375f9d5d2475ee6c117033 ab71f0dfde4e0ea9e5a78c68934867a868f36a8a f4a61473edf04efa0863e90c136ec67d5fcb0f78eae6a2cecdb477669c06033c Loading...

	1wmlv.com/firebase/8.1.1/firebase-messaging.js	ScriptElement	41 kB	2023-03-07	2025-07-22
Pretty URL 1wmlv.com/firebase/8.1.1/firebase-messaging.js IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45 Last Seen2025-07-22 06:49 Times Seen3867 Hash 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f Loading...

	res.1wcommon.com/cYyhskKmZZPWaT33?ee68496e6fa9bea3=dAytLKg_d_AOHI5TTJLAJ1D17t2Huu7ns9_SMFQFemvGJEccbxpjL6mqgnfaD5ZDu52emW3SzT1BHJz-s7pShXET8lJz8WUJXLz9G_q60xscKIMP3J3Rvl-5tnNUB5zZ-82uX5res1xHrvUsBk22tQ	ScriptElement	134 B	2025-01-02	2025-01-02
Pretty URL res.1wcommon.com/cYyhskKmZZPWaT33?ee68496e6fa9bea3=dAytLKg_d_AOHI5TTJLAJ1D17t2Huu7ns9_SMFQFemvGJEccbxpjL6mqgnfaD5ZDu52emW3SzT1BHJz-s7pShXET8lJz8WUJXLz9G_q60xscKIMP3J3Rvl-5tnNUB5zZ-82uX5res1xHrvUsBk22tQ IP 91.235.132.77 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash cdd1622251b2da0e649d6c88ccb270f9 d7722c0329a174db03c27741757daf10403b25c6 3e4cca3a0bb705e28fedbc903b6af6a30973db80f3a244749892d2b2dbd0ac93 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c&gtm=45He4cc1v894400803za200	ScriptElement	294 kB	2025-01-02	2025-01-02
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c&gtm=45He4cc1v894400803za200 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 3f6574b7afbf3e2f0a5b5db711be1498 28fe4859f3e72610b4f2026e8ddab37cd64d9e5c d74dba0f8d71afb37b842031fa0985d8b81ddd7a761851697e8fb2840476fd50 Loading...

	www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js	ScriptElement	560 kB	2024-12-12	2025-07-21
Pretty URL www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-12 06:57 Last Seen2025-07-21 21:34 Times Seen9565 Hash 19ddac3be88eda2c8263c5d52fa7f6bd c81720778f57c56244c72ce6ef402bb4de5f9619 b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6 Loading...

	v1.bundlecdn.com/js/chunk-vendors.3d74578bd.js	ScriptElement	260 kB	2024-12-17	2025-02-24
Pretty URL v1.bundlecdn.com/js/chunk-vendors.3d74578bd.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-17 01:14 Last Seen2025-02-24 04:39 Times Seen337 Hash c78f07e925a7e6c08d85834c8c0f5287 54db6878dc4cfa5b76e636188ceddb95db893117 3cf58ddc37bd5e3edfa62af6af71c5d890049553db42f6a45e6e2e63b1f74754 Loading...

	v1.bundlecdn.com/js/48430.2ae3ab266.js	ScriptElement	1.2 kB	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/48430.2ae3ab266.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1500 Hash 1ff7975a9909675793b03da1294f9681 04198fea02ca2f61451191a0916f7a3b87967bfa 06b058e9e4542070b7052f3cdb79599a4353b89529357a5a4df7258c3b1656bc Loading...

	1wmlv.com/threatmetrix/v5/fp-clientlib-v5.js	ScriptElement	3.7 kB	2024-11-30	2025-07-22
Pretty URL 1wmlv.com/threatmetrix/v5/fp-clientlib-v5.js IP 186.2.162.102 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-30 19:22 Last Seen2025-07-22 06:49 Times Seen2424 Hash 8d7b42488d8e07f4c327a051f32bd7ba 135803741bb9f5795e79aa8126343dcfe56c3b7d 3c1d850e89fe08fa1120435a91f4a011d2bbb9e696549f2099b154724b20e399 Loading...

	v1.bundlecdn.com/js/31310.639eb2a92.js	ScriptElement	528 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/31310.639eb2a92.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1503 Hash a81a1029c765d56df809940586f5ebf2 0af374464f6a4ad7af03cbe18ade0125c6b9fbc7 441aab7f91c07adfafb38da23b57e3787bf49c465f11afbf282a0825edec500f Loading...

	unknown	ScriptElement	1.2 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 5bea7005bb59f8d2cf8c171b3ede915f e3f33fb9041f59ecbcca08a285cbf14334b23cf7 76a91540f8373724e1a15785533a5c2fcae84d5c3336654603bd44af1d72229b Loading...

	v1.bundlecdn.com/js/57460.dd61dfac5.js	ScriptElement	438 B	2023-12-01	2025-02-24
Pretty URL v1.bundlecdn.com/js/57460.dd61dfac5.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14 Last Seen2025-02-24 04:39 Times Seen1365 Hash 3940ad901c872d13b3f221d5d1753c90 d9543432f353b875d90ba22a0fe5d7edf3870d12 ffea5f4a3b9b89527a8eaa3be89086ffcb058b987b84dd614f314ec461a7b601 Loading...

	unknown	ScriptElement	1.2 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash 4ffe808eae324f50ec353679175c7309 b6a9e85bc3fd13db2600f573e3776593b30a3270 0ba6d5abe6f443fc2bcc0755655976c47a607cec8feeba779d4736707c15b877 Loading...

	unknown	ScriptElement	1.2 kB	2025-01-02	2025-01-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 05:08 Last Seen2025-01-02 05:08 Times Seen1 Hash ea4a730ced458daf4d45649d57ab16e1 1ed26e330038cb1e53b4fd6f82deb4c266eddce9 7791eaa29a88ed32cfb0ee0d750e995defc1a5b39443c6b444d1c39fdea412bb Loading...

HTTP Transactions (216)

URL IP Response Size

1wmlv.com/core-js/3.33.3/minified.js

186.2.162.102

200 OK

74 kB

URL
1wmlv.com/core-js/3.33.3/minified.js
IP
186.2.162.102:0
ASN
#59692 IQWeb FZ-LLC

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31999)
Size
74 kB (74138 bytes)
Hash
38facf849f100d0fe6269a53a7bca451
9bb69f981438d48b093bd1eb673885476b4932f0
ce68e1614ab493deaecfa6eb9711736de0348248e1d559b5f6dfb5dc4c29b459

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=vnVZEQXufTBQBKkd; __ddg9_=91.90.42.154; __ddg10_=1735794454; __ddg1_=S7wYT78fSAJSkRMkWDxQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=qU8ENbQjJYACFQEA; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:34 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:34 GMT
__ddg10_=1735794454; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:34 GMT
date: Tue, 31 Dec 2024 04:09:22 GMT
content-type: application/javascript
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
vary: Accept-Encoding
age: 176292
content-length: 74138
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2

154.197.121.128

200 OK

33 kB

URL GET HTTP/2
v1.bundlecdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Size
33 kB (33064 bytes)
Hash
de175cbf569bb3ccf1f761c845cbd896
8d93663b858bae157ba5fc40e1400177104d71bd
df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmlv.com/
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:34 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-8128"
expires: Sun, 31 Dec 2034 05:07:34 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ee1bd910c1-CPH
X-Firefox-Spdy: h2

GET 1wmlv.com/

186.2.162.102

200 OK

36 kB

URL User Request GET HTTP/2
1wmlv.com/
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
gzip compressed data, max speed, from Unix
Size
36 kB (35689 bytes)
Hash
dec3c47968ca0d0d62271886b6616336
dc828412104a25ab25690108aa856bedf133cd43
d1323ecc50e79954678fecf124d6cf4993762ea8b5efe5a7db18f9eabb80a627

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=vnVZEQXufTBQBKkd; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:34 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:34 GMT
__ddg10_=1735794454; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:34 GMT
__ddg1_=S7wYT78fSAJSkRMkWDxQ; Domain=.1wmlv.com; HttpOnly; Path=/; Expires=Fri, 02-Jan-2026 05:07:34 GMT
date: Thu, 02 Jan 2025 05:07:34 GMT
content-type: text/html; charset=utf-8
x-request-id: N81DxTWkhYlBwda5
x-app-version: v2.137.2
x-match-domain: 1wmlv.com
vary: Origin
access-control-allow-origin: *
content-encoding: gzip
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/font/SFNSText-latin.f09aa5229.woff2

154.197.121.128

200 OK

44 kB

URL GET HTTP/2
v1.bundlecdn.com/font/SFNSText-latin.f09aa5229.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Size
44 kB (43512 bytes)
Hash
426f20bb65ea80d35f3f2a999d5d7d1e
85f211a450f26d7f0822d718fc61085a506fa455
06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmlv.com/
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:34 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-a9f8"
expires: Sun, 31 Dec 2034 05:07:34 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ee4be010c1-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/desktop.401b842f8.js

154.197.121.128

200 OK

79 kB

URL GET HTTP/2
v1.bundlecdn.com/js/desktop.401b842f8.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
79 kB (78552 bytes)
Hash
b802ef0eeace0571c573bf4b95aaa735
46d26000ef3e5de487f80d1dd836c4b4a1a3e646
9192e495e8d9720851b4f1d26a76a83a998422f1fed1defc70a535b008b16a41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/desktop.401b842f8.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 28 Dec 2024 13:50:54 GMT
etag: W/"6770023e-1f05c"
expires: Sun, 31 Dec 2034 05:07:35 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 399917
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f019d8eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/desktop.401b842f8.js

154.197.121.128

200 OK

35 kB

URL GET HTTP/2
v1.bundlecdn.com/js/desktop.401b842f8.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
35 kB (35334 bytes)
Hash
5c3a3795b66c43a458358afdbfa95dbe
e1994ee19604d03b0de4288483cba765b63de417
a5f780d661dcbac3560223d1c5f499b54432d9c91adc626bb34860a229b03fa5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/desktop.401b842f8.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 28 Dec 2024 13:50:54 GMT
etag: W/"6770023e-1f05c"
expires: Sun, 31 Dec 2034 05:07:35 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 399917
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f11b01eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/82528.9e2dc2c8c.js

154.197.121.128

200 OK

92 kB

URL GET HTTP/2
v1.bundlecdn.com/js/82528.9e2dc2c8c.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
92 kB (91632 bytes)
Hash
0f9119ac4873728499303fcb8183d4f1
7c3c961d235532d2605c9a6b438cd1b8a49d0a50
cb3175e3bcba5bb93c8af9bcb4d2a62eadaef1b134d6dce535aa94815794d54b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/82528.9e2dc2c8c.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-4c638"
expires: Sun, 31 Dec 2034 05:07:35 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 221026
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f10afeeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7

142.250.74.168

200 OK

109 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintFA:A6:D6:5C:A6:DC:BE:D1:9A:34:42:70:3B:66:13:21:40:A4:C9:E4
ValidityMon, 02 Dec 2024 08:35:56 GMT - Mon, 24 Feb 2025 08:35:55 GMT

File type
JavaScript source, ASCII text, with very long lines (20469)
Size
109 kB (108960 bytes)
Hash
0d305ef7e5384b5fac107c3aa48eaa13
d184b45c4622781107179ddaddcd6f53929a4089
71ef6653cdaf9bfa6bc9700922da4a0215514b9e6fa3c036a965de46dc05cdbe

HTTP Headers

GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 Jan 2025 05:07:36 GMT
expires: Thu, 02 Jan 2025 05:07:36 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 Jan 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
server: Google Tag Manager
content-length: 108960
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/64829.b5920df2e.js

154.197.121.128

200 OK

21 kB

URL GET HTTP/2
v1.bundlecdn.com/js/64829.b5920df2e.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
21 kB (20863 bytes)
Hash
18ca0af589e613589464b733212c15bb
3dbe09e1074cfaf14caab91221d725ddf4ac745e
94245ae334bde13dbde27b464bb045e5c264ac6e6486140e1a8aacb3c8a7f158

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/64829.b5920df2e.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 Dec 2024 15:13:57 GMT
etag: W/"676c2135-e0cf"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 650234
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f6186feb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

v1.bundlecdn.com/js/91217.c8a6215ce.js

154.197.121.128

200 OK

9.0 kB

URL
v1.bundlecdn.com/js/91217.c8a6215ce.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
9.0 kB (8978 bytes)
Hash
270dab54e38c20ded118fb38d990c97c
2212cc21bc4e6d2551fe00e7073a6c9f4e67ce1f
a199af34b2e0fe188f1c1ec9f6cea0159112065d660acf70673e169dae84a22c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/91217.c8a6215ce.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 22 Aug 2024 12:57:33 GMT
etag: W/"66c735bd-33c"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11461649
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f6d961eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/86503.87a028c90.js

154.197.121.128

200 OK

23 kB

URL GET HTTP/2
v1.bundlecdn.com/js/86503.87a028c90.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
23 kB (22888 bytes)
Hash
d7680b0c45b2b6b5c0c7d9946f4cbf33
10e2ba6f4dc891eba1587447ceddf04c0184783f
9b555542d04d5bf7cf27ba0fea212a06a54a1dd3129cfb3af7a146c546b8a434

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/86503.87a028c90.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 Dec 2024 15:13:57 GMT
etag: W/"676c2135-2cf9"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 653925
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f61867eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/17832.eeeb495ed.js

154.197.121.128

200 OK

20 kB

URL GET HTTP/2
v1.bundlecdn.com/js/17832.eeeb495ed.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
20 kB (19911 bytes)
Hash
4dd6e1cb0c7f43dcc58a59d2f1c79c5d
24f17829517421bcac448fe2359d8dd2d9d5e92a
8f30ec700b543fee1bae323e7b2819aa5c69c0a140029a9c2169b35be684e809

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/17832.eeeb495ed.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 28 Dec 2024 13:50:54 GMT
etag: W/"6770023e-2f1a"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 399917
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f61870eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/flags/en.svg

154.197.121.128

200 OK

7.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/flags/en.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
7.4 kB (7397 bytes)
Hash
b06f538259c2207cdafb743db6df4607
5844948e3ae7301ad905d2949bf09be66ae7f7d5
05b44d779303962ececeb90f76a0c7c1ac062a6da90f62e9bc5505670d6b103b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/en.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4132
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f719a0eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/cashback.f5a548e68-399.png@png

154.197.121.128

200 OK

46 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/cashback.f5a548e68-399.png@png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 399 x 472, 8-bit colormap, non-interlaced
Size
46 kB (45818 bytes)
Hash
d85dc9c313de5faf79707dc368542b76
c0fdc8b21e873c5abcc712a52bcb52eee788ac82
b210e48700f01e717f0dbee24441732c6c7fd849654b064ae55f426b7bb46308

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/cashback.f5a548e68-399.png@png HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 45818
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=52533
content-disposition: inline; filename="cashback.f5a548e68-399.png"
content-security-policy: script-src 'none'
etag: "oN-atjIedSHeipdyd-P-MI0_FeNXF8BfsVvHdE-1i2s/RIjY2YTM4Mzg4LWNjOTki"
x-request-id: SEAOGWuqohqkmT7i0suk7
cf-cache-status: HIT
age: 2874965
expires: Fri, 02 Jan 2026 05:07:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f7ea87eb51-CPH
X-Firefox-Spdy: h2

imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/bonus.8be9e8f98-362.png@png

154.197.121.128

200 OK

43 kB

URL
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/bonus.8be9e8f98-362.png@png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 362 x 429, 8-bit colormap, non-interlaced
Size
43 kB (43154 bytes)
Hash
b15bb44e49da1de28ac94ae6448058e7
1290fcb55ccfa6ac5b0125c11a981a5cec9feb5d
5c8214c759c050a3cae586835e50950322cd4b405a32270eb8566f24800baded

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 43154
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=49865
content-disposition: inline; filename="bonus.8be9e8f98-362.png"
content-security-policy: script-src 'none'
etag: "oN-atjIedSHeipdyd-P-MI0_FeNXF8BfsVvHdE-1i2s/RIjY2YTM4MzhmLWMyMGQi"
x-request-id: WiVo6bTcGEvUSWz-F8gwR
cf-cache-status: HIT
age: 1142538
expires: Fri, 02 Jan 2026 05:07:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f7ea91eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/css/64829.45681574e.css

154.197.121.128

200 OK

342 kB

URL GET HTTP/2
v1.bundlecdn.com/css/64829.45681574e.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
342 kB (342341 bytes)
Hash
3e43a0f10c5ea5954fcdf950c570537e
db8d39c94163834b02adb156197e6641ff32241c
1ac84abe2ba5850965fbfd524842d8298f7f86226942be1947f3f01fa451532a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/64829.45681574e.css HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: text/css
last-modified: Mon, 23 Dec 2024 15:19:14 GMT
etag: W/"67697f72-b73c"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 825434
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f61869eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

v1.bundlecdn.com/js/90511.4d14ae8a6.js

154.197.121.128

200 OK

6.9 kB

URL
v1.bundlecdn.com/js/90511.4d14ae8a6.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
6.9 kB (6854 bytes)
Hash
d9ad03d64a4dc6798e4ccc6d0bf59c4e
bee567221d248642992e3dd882a254d383dfe331
2e9c12abc86ac31adc917a8569234e597f2544ef784cb7a3ce93844adbd50d3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/90511.4d14ae8a6.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Aug 2024 14:28:36 GMT
etag: W/"66cc9114-27d"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 8119724
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f77a42eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

v1.bundlecdn.com/js/60385.2b555ff35.js

154.197.121.128

200 OK

409 kB

URL
v1.bundlecdn.com/js/60385.2b555ff35.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
409 kB (408953 bytes)
Hash
c2c7c52be4127d214048ab88a8a742c4
9d02cad5249007686ea7ecb5c1ac216a4ca1bcee
0c44283cc01f7a9c99396836ac39650480c980e129e0cab2eb8cb6c2d8b8bd3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/60385.2b555ff35.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 Dec 2024 15:13:57 GMT
etag: W/"676c2135-241d"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 654215
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f60862eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/home-poker-banner-bg.daea5f5cb-600.png

154.197.121.128

200 OK

20 kB

URL GET HTTP/2
v1.bundlecdn.com/img/home-poker-banner-bg.daea5f5cb-600.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 600 x 295, 8-bit colormap, non-interlaced
Size
20 kB (19467 bytes)
Hash
b924bd42443557a1ef9d41f043ddf175
a9db601e2941557cba7e3e688390aa43e8411e2e
8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-5414"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f7faaaeb51-CPH
X-Firefox-Spdy: h2

imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/b31Gws6KhBIwk-iwi98hY3gNsEcvtN7SHgQWfAS1S2pVh8P-Lthf7xsAlka1uUvWUjMHpApd-X6IS3GQUp2R4E60Xhpga2kwK7gg.jpg@png

154.197.121.128

200 OK

288 kB

URL
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/b31Gws6KhBIwk-iwi98hY3gNsEcvtN7SHgQWfAS1S2pVh8P-Lthf7xsAlka1uUvWUjMHpApd-X6IS3GQUp2R4E60Xhpga2kwK7gg.jpg@png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 1820 x 728, 8-bit colormap, non-interlaced
Size
288 kB (288133 bytes)
Hash
34e8340b98c16e30e4089f3ce0496364
4b98f64c46536265f67b2fe056fad0294782a7d2
7fe8522a4e42126818a2ccf1f4fd09e84c5c8c82d082fcbea7afbf7ce32bb0fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/b31Gws6KhBIwk-iwi98hY3gNsEcvtN7SHgQWfAS1S2pVh8P-Lthf7xsAlka1uUvWUjMHpApd-X6IS3GQUp2R4E60Xhpga2kwK7gg.jpg@png HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 288133
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=320440
content-disposition: inline; filename="b31Gws6KhBIwk-iwi98hY3gNsEcvtN7SHgQWfAS1S2pVh8P-Lthf7xsAlka1uUvWUjMHpApd-X6IS3GQUp2R4E60Xhpga2kwK7gg.png"
content-security-policy: script-src 'none'
etag: "oN-atjIedSHeipdyd-P-MI0_FeNXF8BfsVvHdE-1i2s/RIjY3NWU5NjEyLTEzMDE4Ig"
expires: Fri, 02 Jan 2026 05:07:36 GMT
x-request-id: pRUUboNj7yPq1jR98Mn3Z
cf-cache-status: HIT
age: 1142538
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f7ea86eb51-CPH
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/free-money-link-image.1ada0c9e1-120.png

154.197.121.128

200 OK

5.3 kB

URL
v1.bundlecdn.com/img/free-money-link-image.1ada0c9e1-120.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 120 x 97, 8-bit colormap, non-interlaced
Size
5.3 kB (5274 bytes)
Hash
911fa68d94dd3f2bc8ceff2671e87bdd
9bca43449cf32e95c62291a802cad6e6c4493025
9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-18d2"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f93bdaeb51-CPH
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png

154.197.121.128

200 OK

3.9 kB

URL
v1.bundlecdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
3.9 kB (3888 bytes)
Hash
bd11730c197227300ae5e1b00b8cc637
c0e28cfb09642e9402f12f9c6677242ef671de33
2868cadf19218572e4970158bb91602551898a040cac6fed88b1d98d77f1b649

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-tvbet-frame@2.52cde99d0-256.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 3888
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4458
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-116a"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f96c06eb51-CPH
X-Firefox-Spdy: h2

v1.bundlecdn.com/js/46719.6e7050b21.js

154.197.121.128

200 OK

17 kB

URL
v1.bundlecdn.com/js/46719.6e7050b21.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
17 kB (17230 bytes)
Hash
23de24cadaaa96dcddbc0f3a1c07d21d
5bec54d3b77bc02db3f68cca3e8879e30d9a0db4
c754c34db1558b0abccdc92f81bcadf30a4015668b48fed1d0fc5cc4cf44ed8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/46719.6e7050b21.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 22 Aug 2024 12:57:33 GMT
etag: W/"66c735bd-20f"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11459527
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f84aeeeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/sprite-tvbet@2.888adc8ee-256.webp

154.197.121.128

200 OK

354 kB

URL
v1.bundlecdn.com/img/sprite-tvbet@2.888adc8ee-256.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
RIFF (little-endian) data, Web/P image
Size
354 kB (353842 bytes)
Hash
8df817e5ef0af5dc8279d3f20cae9bc3
12c85bcc74a48053c92f3f75ce3c14e1a19e46d3
61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/webp
content-length: 353842
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f96c0beb51-CPH
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png

154.197.121.128

200 OK

27 kB

URL
v1.bundlecdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
27 kB (27297 bytes)
Hash
9a35699413d56978ea4af6896f0aa16c
c22d50770f376a17d5539919541496a1e1e5a626
396126da9646bf2bf8d5a2a9f1e449391db7861540ad243e0ca8c3e0c40fd012

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 27297
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29770
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-744a"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f96c11eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/sprite-dice-frame@2.8e0d70675-256.png

154.197.121.128

200 OK

16 kB

URL GET HTTP/2
v1.bundlecdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
16 kB (15901 bytes)
Hash
2018c59c5dccfaec96873d1ce9a60276
46ad94df758fdb9f0a257d99fcf52314cf5df926
b57379b1cd70db0d460ce31140e81eb78d3347ad6f7dd2cf9fe1c624d5e65439

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 15901
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17269
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-4375"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f97c22eb51-CPH
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/sprite-poker-frame@2.50a0c1527-256.png

154.197.121.128

200 OK

9.4 kB

URL
v1.bundlecdn.com/img/sprite-poker-frame@2.50a0c1527-256.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
9.4 kB (9422 bytes)
Hash
e46f588febb018229e3c2450c4a3d4f0
4904652973205c308ead578918f7ff5a6a27bf0e
855739792866720d46d60d1a9696327132ecb9a4e9420ec40a861c41a6e57e20

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-poker-frame@2.50a0c1527-256.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 9422
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10453
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-28d5"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f98c34eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/sprite-roulette@2.255074856-256.webp

154.197.121.128

200 OK

720 kB

URL GET HTTP/2
v1.bundlecdn.com/img/sprite-roulette@2.255074856-256.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
RIFF (little-endian) data, Web/P image
Size
720 kB (719644 bytes)
Hash
344d71695bd0f387fedd84fba6ace2c1
1d37e2d66ab1098072febc0a0dc3769d44090048
7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/webp
content-length: 719644
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-afb1c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f97c19eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/sprite-poker@2.a38733e7a-256.webp

154.197.121.128

200 OK

361 kB

URL GET HTTP/2
v1.bundlecdn.com/img/sprite-poker@2.a38733e7a-256.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
RIFF (little-endian) data, Web/P image
Size
361 kB (360930 bytes)
Hash
3da44652926631bc4fc847cfcbad6c71
a5f7955272162e543d5db897e200d00d3af22b22
354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/webp
content-length: 360930
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-581e2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f99c3beb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp

154.197.121.128

200 OK

430 kB

URL GET HTTP/2
v1.bundlecdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
RIFF (little-endian) data, Web/P image
Size
430 kB (429680 bytes)
Hash
abaa6833958bdc5427e6fa573cbfa70a
d43989916cc382e4e3d983933d9cd52a7d1dbeb2
51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/webp
content-length: 429680
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-68e70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f98c32eb51-CPH
X-Firefox-Spdy: h2

imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/z67oIQsNe-SbRut19iwRLnQMxN5sEskGBneACxZKhB27yLIduB3YquFOJoMwiXJxb6oi0Hua7kerqTKRXm2zI-YYjJtd_RkCgrmk.jpg@avif

154.197.121.128

200 OK

33 kB

URL
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/z67oIQsNe-SbRut19iwRLnQMxN5sEskGBneACxZKhB27yLIduB3YquFOJoMwiXJxb6oi0Hua7kerqTKRXm2zI-YYjJtd_RkCgrmk.jpg@avif
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
33 kB (33342 bytes)
Hash
fbd33933433ee7565e1d46aab5e0aeb0
0bb92befabc170fe429a6ae0c828bc59c95787af
ac3762adbf4b4f8b481d91d422d46e3470229eacef3e04b6a46ed1cffd4e608c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/z67oIQsNe-SbRut19iwRLnQMxN5sEskGBneACxZKhB27yLIduB3YquFOJoMwiXJxb6oi0Hua7kerqTKRXm2zI-YYjJtd_RkCgrmk.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/avif
content-length: 33342
cache-control: public, max-age=31536000
content-disposition: inline; filename="z67oIQsNe-SbRut19iwRLnQMxN5sEskGBneACxZKhB27yLIduB3YquFOJoMwiXJxb6oi0Hua7kerqTKRXm2zI-YYjJtd_RkCgrmk.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjY2MTQ0NjkyLTNiZTY5Ig"
x-request-id: sHm6GaeR564QVg_J2-Fuf
cf-cache-status: HIT
age: 13789839
expires: Fri, 02 Jan 2026 05:07:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f9dc5eeb51-CPH
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/DzKVAArxaBHqiEauu1gdQ4Qd6jXfZOLv6UVKZYt3hStpMmKRxTR8sL1mQTWoHVyquNXbvoQDiCjbhQcg7eRF3rllM6gZ0i3e2-ul.jpg@avif

154.197.121.128

200 OK

53 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/DzKVAArxaBHqiEauu1gdQ4Qd6jXfZOLv6UVKZYt3hStpMmKRxTR8sL1mQTWoHVyquNXbvoQDiCjbhQcg7eRF3rllM6gZ0i3e2-ul.jpg@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
53 kB (52847 bytes)
Hash
b7c7e925db38146d2205bc69d5da27dc
df20aa9bac6249e308c3739cfb291b201216af8e
2111ae6e548523f365afae47c30854a86aaf0f1050a40827ad6858512d0b97fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/DzKVAArxaBHqiEauu1gdQ4Qd6jXfZOLv6UVKZYt3hStpMmKRxTR8sL1mQTWoHVyquNXbvoQDiCjbhQcg7eRF3rllM6gZ0i3e2-ul.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/avif
content-length: 52847
cache-control: public, max-age=31536000
content-disposition: inline; filename="DzKVAArxaBHqiEauu1gdQ4Qd6jXfZOLv6UVKZYt3hStpMmKRxTR8sL1mQTWoHVyquNXbvoQDiCjbhQcg7eRF3rllM6gZ0i3e2-ul.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjY2MTQyYjUyLTMwOTk3Ig"
x-request-id: I10mti1V80AxZafbm4ApP
cf-cache-status: HIT
age: 13792197
expires: Fri, 02 Jan 2026 05:07:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f9dc5feb51-CPH
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/b31Gws6KhBIwk-iwi98hY3gNsEcvtN7SHgQWfAS1S2pVh8P-Lthf7xsAlka1uUvWUjMHpApd-X6IS3GQUp2R4E60Xhpga2kwK7gg.jpg@avif

154.197.121.128

200 OK

35 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/b31Gws6KhBIwk-iwi98hY3gNsEcvtN7SHgQWfAS1S2pVh8P-Lthf7xsAlka1uUvWUjMHpApd-X6IS3GQUp2R4E60Xhpga2kwK7gg.jpg@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
35 kB (35240 bytes)
Hash
273651e0c0500515590408c9341e1b6c
8e426b6da337b677f23e3ceadf96b4e5749da0ee
ec26b0345c2deff838cb3adcd38a12b304228cb6e466d5e3c4e1761a3269140d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/b31Gws6KhBIwk-iwi98hY3gNsEcvtN7SHgQWfAS1S2pVh8P-Lthf7xsAlka1uUvWUjMHpApd-X6IS3GQUp2R4E60Xhpga2kwK7gg.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/avif
content-length: 35240
cache-control: public, max-age=31536000
content-disposition: inline; filename="b31Gws6KhBIwk-iwi98hY3gNsEcvtN7SHgQWfAS1S2pVh8P-Lthf7xsAlka1uUvWUjMHpApd-X6IS3GQUp2R4E60Xhpga2kwK7gg.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjY3NWU5NjEyLTEzMDE4Ig"
expires: Fri, 02 Jan 2026 05:07:36 GMT
x-request-id: 7E-wSLmMTT9HVWGI0uQ7f
cf-cache-status: HIT
age: 1521265
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f9dc67eb51-CPH
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/bonus.8be9e8f98-362.png@avif

154.197.121.128

200 OK

5.3 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/bonus.8be9e8f98-362.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
5.3 kB (5298 bytes)
Hash
2644fa31ed595bed0cb922c0c7539272
de9318bf140b0f2ea79f367170734ff434917747
8b139975393524fcf487dbb870a640733d99cfb4352c679c7449baf2ca2babcd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/bonus.8be9e8f98-362.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/avif
content-length: 5298
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjY2YTM4MzhmLWMyMGQi"
x-request-id: fYqFVOXgRnehZo4EYv0_G
cf-cache-status: HIT
age: 13792197
expires: Fri, 02 Jan 2026 05:07:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fa3cc5eb51-CPH
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/cashback.f5a548e68-399.png@png

154.197.121.128

200 OK

46 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/cashback.f5a548e68-399.png@png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 399 x 472, 8-bit colormap, non-interlaced
Size
46 kB (45818 bytes)
Hash
d85dc9c313de5faf79707dc368542b76
c0fdc8b21e873c5abcc712a52bcb52eee788ac82
b210e48700f01e717f0dbee24441732c6c7fd849654b064ae55f426b7bb46308

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/cashback.f5a548e68-399.png@png HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 45818
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=52533
content-disposition: inline; filename="cashback.f5a548e68-399.png"
content-security-policy: script-src 'none'
etag: "oN-atjIedSHeipdyd-P-MI0_FeNXF8BfsVvHdE-1i2s/RIjY2YTM4Mzg4LWNjOTki"
x-request-id: SEAOGWuqohqkmT7i0suk7
cf-cache-status: HIT
age: 2874965
expires: Fri, 02 Jan 2026 05:07:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fa3cc3eb51-CPH
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/home-poker-banner-bg.a77f0d650-600.webp

154.197.121.128

200 OK

12 kB

URL
v1.bundlecdn.com/img/home-poker-banner-bg.a77f0d650-600.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
RIFF (little-endian) data, Web/P image
Size
12 kB (12264 bytes)
Hash
45df6c11399190f031e9db37f9f4e785
a8a641e38f707a584b72a5ad5c010e7bbcd7920c
121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/webp
content-length: 12264
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fa3cc6eb51-CPH
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/pwa_android_en.b229a444a-690.png

154.197.121.128

200 OK

33 kB

URL
v1.bundlecdn.com/img/pwa_android_en.b229a444a-690.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
33 kB (33278 bytes)
Hash
43e03a24e305838eac0629c5cbf85550
85c71568d1008a17b928ac548987911daf187020
368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-9305"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fa6cd7eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/pwa_ios_en.f08ddb1e6-690.png

154.197.121.128

200 OK

35 kB

URL GET HTTP/2
v1.bundlecdn.com/img/pwa_ios_en.f08ddb1e6-690.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
35 kB (34925 bytes)
Hash
232d05b165c6b0fc9695db490aa71f47
f04ccc74ebd190747114ceeb882d51db8e9268c6
9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-989a"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fb3d9eeb51-CPH
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/casino-mentor.f6b6387ac-172.png

154.197.121.128

200 OK

1.9 kB

URL
v1.bundlecdn.com/img/casino-mentor.f6b6387ac-172.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 172 x 50, 8-bit colormap, non-interlaced
Size
1.9 kB (1857 bytes)
Hash
3ec6ec7d9016e953c300249c2af5704f
e7b2ec568a2118a744cdd1fabe6fa8959c637532
135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/png
content-length: 1857
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-7b8"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
age: 5330
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fc5e65eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/86359.7c408a029.js

154.197.121.128

200 OK

7.2 kB

URL GET HTTP/2
v1.bundlecdn.com/js/86359.7c408a029.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
7.2 kB (7228 bytes)
Hash
fdebe63512a0b7b7ad82a099ae254f0f
ea61fdc3cdf73f1ad8f64cc07baa0c1539cf8cee
a0baff77b4078a9ffbf7f7065e51b3b57e4d59ee81a66babced69bb4ef67af54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/86359.7c408a029.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 03 Nov 2024 19:20:56 GMT
etag: W/"6727cd18-27a"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4118411
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f6e96beb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/best-bitcoin-casino.9c1716b1a-50.png

154.197.121.128

200 OK

972 B

URL
v1.bundlecdn.com/img/best-bitcoin-casino.9c1716b1a-50.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced
Size
972 B (972 bytes)
Hash
d75b75efec83a2230764a8fed9d1dd3e
ee4318789396290da2017d433fe622b9a005aff2
24397ec04f26d6b7c9465094a088ab89e4a4216accd5cb45e8563f694dd3fcd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/best-bitcoin-casino.9c1716b1a-50.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/png
content-length: 972
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1035
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-40b"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
age: 5330
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fc5e67eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/cricket-betting-guru.cfe7d4265-500.png

154.197.121.128

200 OK

8.1 kB

URL GET HTTP/2
v1.bundlecdn.com/img/cricket-betting-guru.cfe7d4265-500.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 500 x 500, 8-bit colormap, non-interlaced
Size
8.1 kB (8067 bytes)
Hash
953b3b7e0c94ed3c3af678f19b076c5a
993c897eadbd5f11f4fa712cda067ea633c8e68f
d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/png
content-length: 8067
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-2421"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
age: 5330
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fc6e6ceb51-CPH
X-Firefox-Spdy: h2

v1.bundlecdn.com/js/58258.c2b2b6c85.js

154.197.121.128

200 OK

15 kB

URL
v1.bundlecdn.com/js/58258.c2b2b6c85.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
JavaScript source, ASCII text, with very long lines (12901)
Size
15 kB (14570 bytes)
Hash
a1d2aab394bf59ac265f06bde6d7990b
4f51a47d58aa588ca984a7aab9da012ec32b6bd6
2b89f1dbb145e184ed6781b272cb6204670164a065467f6899c34fb54620e5a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/58258.c2b2b6c85.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 22 Aug 2024 12:57:33 GMT
etag: W/"66c735bd-a8c"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11462602
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f8ab73eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/ufc.0ef6261ee.svg

154.197.121.128

200 OK

102 kB

URL GET HTTP/2
v1.bundlecdn.com/img/ufc.0ef6261ee.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
102 kB (101556 bytes)
Hash
7c0a57c227d94565a99b4b59b493df7d
91dcec3af6a1169a945f75d94e3e2c807be74b7c
dfc954d36401fd77e2a7c08ab23cc388cf805ac6f25bbdb8fc2e9ffd0d758f84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ufc.0ef6261ee.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-527"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5330
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fc4e4deb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/fiba.4b405b699.svg

154.197.121.128

200 OK

102 kB

URL GET HTTP/2
v1.bundlecdn.com/img/fiba.4b405b699.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
102 kB (101725 bytes)
Hash
b48536baf50fd9bf6e6239c0084c0ed4
30e28367d11fa20eb5bfedb44ae9f5f65e020d9b
23fc8b88ef4cc039e1edd6cae7ddb89e8746287895354f7230c8db13e9fd58e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fiba.4b405b699.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-4ce"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5330
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fc4e50eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif

154.197.121.128

200 OK

6.3 kB

URL
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
6.3 kB (6321 bytes)
Hash
049927e2f79d1b3f7c0db06be6378930
bc6a9c76a5027d6e63381bb7cf0ff70068d06792
8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: LDuzVMM70ZJsbLLdk3Gx9
cf-cache-status: HIT
age: 1150128
expires: Fri, 02 Jan 2026 05:07:37 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fee859eb51-CPH
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/20ea037b-301f-46d5-993f-76d1b4319da3_horizontal.png@avif

154.197.121.128

200 OK

3.3 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/20ea037b-301f-46d5-993f-76d1b4319da3_horizontal.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
3.3 kB (3343 bytes)
Hash
03b40fe24d2ea94e957d111516512961
e290134ace7adc10ab1af3365c8897e9a8099f2d
b985e921f52d4c399638baa2b88a3fe289470b80dff6568a742a6d86e2c587cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/20ea037b-301f-46d5-993f-76d1b4319da3_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/avif
content-length: 3343
cache-control: public, max-age=31536000
content-disposition: inline; filename="20ea037b-301f-46d5-993f-76d1b4319da3_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3NDc1MzhmLTMxZGI2Ig"
expires: Fri, 02 Jan 2026 05:07:37 GMT
x-request-id: bfyeCCUAufM_ffuf8XGzm
cf-cache-status: HIT
age: 1129411
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fef85ceb51-CPH
X-Firefox-Spdy: h2

imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif

154.197.121.128

200 OK

5.6 kB

URL
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
5.6 kB (5627 bytes)
Hash
baf3f199ffdfb682bbcd9d3837e517c0
3803d7a122952937942ab92c0724af229c4f2dfe
2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
x-request-id: xSIFa_BB-AJIOkHNA_Smm
cf-cache-status: HIT
age: 13792198
expires: Fri, 02 Jan 2026 05:07:37 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fef861eb51-CPH
X-Firefox-Spdy: h2

imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif

154.197.121.128

200 OK

5.1 kB

URL
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
5.1 kB (5077 bytes)
Hash
0131107e356bbb0684b033f09163f74e
63939e6ef305b01669a2202576dda3acab39602a
4bd1f88bf3e9f182eb3340d81ce2ba4ca846c5797363acea1907a206043d4baa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/avif
content-length: 5077
cache-control: public, max-age=31536000
content-disposition: inline; filename="e47f89a4-3663-4c9d-bc45-fe1845d34e1b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MTA2LTRjMTU0Ig"
expires: Fri, 02 Jan 2026 05:07:37 GMT
x-request-id: POksvXfjFeoQDE59FHtcK
cf-cache-status: HIT
age: 3432321
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fef863eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/font/SFNSText-latin-ext.7b2e9f978.woff2

154.197.121.128

200 OK

66 kB

URL GET HTTP/2
v1.bundlecdn.com/font/SFNSText-latin-ext.7b2e9f978.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
Web Open Font Format (Version 2), TrueType, length 66380, version 1.0
Size
66 kB (66380 bytes)
Hash
596f2ad6f5c9fb3a33ac4de1e6bf0f94
c62868912f7734be8d11557afb4a097639b3056d
81031d43b18adffe1f1b35bf4478f743740e8a36c5fde38ffccad79fcb479c30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSText-latin-ext.7b2e9f978.woff2 HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://v1.bundlecdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: application/octet-stream
content-length: 66380
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-1034c"
expires: Sun, 31 Dec 2034 05:07:37 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fecf9510c1-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/uefa.093dd4fef.svg

154.197.121.128

200 OK

1.5 kB

URL GET HTTP/2
v1.bundlecdn.com/img/uefa.093dd4fef.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1493 bytes)
Hash
58336a3eb585891ddf3dc4fb9eab3991
a054b920d76ff8e04526c4f45a6ecf52946d08c9
c3ada4cdc41454b50dbfb4cd218f619933613aaef10cc0f8b64148da1035e3e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/uefa.093dd4fef.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-782"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5330
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fc4e4beb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/playbro.6853e7d6a.svg

154.197.121.128

200 OK

7.7 kB

URL
v1.bundlecdn.com/img/playbro.6853e7d6a.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
7.7 kB (7744 bytes)
Hash
baf4b32998d463dda043fb8e48933f2e
ad92902709f739914c610619ac2501484242f7ec
555661d613a64947c92f87e178be9770f18b715c096cda8408fe60e87b990152

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playbro.6853e7d6a.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1559"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a025bdbeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/48430.2ae3ab266.js

154.197.121.128

200 OK

6.3 kB

URL GET HTTP/2
v1.bundlecdn.com/js/48430.2ae3ab266.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
6.3 kB (6298 bytes)
Hash
31c0d6ae730edd1eea5ddb6ac1e00233
cb0dc4df50a73fa9da7c3cdc4318b0b75fc53852
c8c11f2ea62ba400893c116496e6cc36bb19f1bacb6f9b8f32c64a21c82d85f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/48430.2ae3ab266.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 28 Oct 2024 15:44:47 GMT
etag: W/"671fb16f-496"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4118411
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f6f982eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

1wmlv.com/common/title?path=bets&lang=en

186.2.162.102

200 OK

12 kB

URL
1wmlv.com/common/title?path=bets&lang=en
IP
186.2.162.102:0
ASN
#59692 IQWeb FZ-LLC

File type
gzip compressed data, from Unix
Size
12 kB (12096 bytes)
Hash
1876f2c9fa297b7b9d7f5af0589e6844
6d4da4133766889d609c3a957e7168f0b55378e4
9641bb1ff722bccd2939c8382f6849827e884e11a7d7dcdac410eb9b9b9d9f1a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/title?path=bets&lang=en HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Origin: 1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=C9sfkEEJIseuC87p; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=fwbJYTirxqYpoIuw; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:36 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:36 GMT
__ddg10_=1735794456; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:36 GMT
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/nolimit%20city.5b7440267.svg

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
v1.bundlecdn.com/img/nolimit%20city.5b7440267.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
12 kB (11650 bytes)
Hash
e7909b4c767f50c2255e22b778c04e37
9e622e0a59c41a9bc76b08e66b58b59b7ea08902
9ebd1c56b22df3a76e7b4d3e5c26ae5cf60995c79509c59fa365246088ceac54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a023bb2eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/iron%20dog%20studio.50834cffd.svg

154.197.121.128

200 OK

14 kB

URL GET HTTP/2
v1.bundlecdn.com/img/iron%20dog%20studio.50834cffd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
14 kB (14134 bytes)
Hash
bae33712468e96cf9fc74c2acf9d1b61
b4507c147cbbfa42fe2c957c5b787c75fdaced49
8e7ab4303758bfb891c96ee77d441010a5aa9f3370063a48a3577aa03fb6b47c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/iron%20dog%20studio.50834cffd.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-3aa8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a01ab21eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

1wmlv.com/casino-images/1/categories/233/26fc5eb8-15ea-488b-adca-285e9213f59e_horizontal.svg

186.2.162.102

200 OK

8.1 kB

URL
1wmlv.com/casino-images/1/categories/233/26fc5eb8-15ea-488b-adca-285e9213f59e_horizontal.svg
IP
186.2.162.102:0
ASN
#59692 IQWeb FZ-LLC

File type
SVG Scalable Vector Graphics image
Size
8.1 kB (8110 bytes)
Hash
9bb335f567a0950a815e9f55e367da09
9333169f35f69b11d7a9007cac62c0995d849106
2e39f36f128622043de0f7f2ec9097d13c90307bf3407392eb4a6bb1d7625b27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/233/26fc5eb8-15ea-488b-adca-285e9213f59e_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=gpTI4SrFtvvq3rCc; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"676428d2-680"
last-modified: Thu, 19 Dec 2024 14:08:18 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

1wmlv.com/casino-images/1/categories/343/c913277c-df42-465a-a458-817adb36f099_horizontal.svg

186.2.162.102

200 OK

8.9 kB

URL
1wmlv.com/casino-images/1/categories/343/c913277c-df42-465a-a458-817adb36f099_horizontal.svg
IP
186.2.162.102:0
ASN
#59692 IQWeb FZ-LLC

File type
SVG Scalable Vector Graphics image
Size
8.9 kB (8925 bytes)
Hash
468df0cd9546410a3d003671a9f67a01
abc3dbd74f54ace9a886b92ccecbf715b8e9f04f
c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/343/c913277c-df42-465a-a458-817adb36f099_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jCYYmoUKT1wNYXYU; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67691d0d-d8c"
last-modified: Mon, 23 Dec 2024 08:19:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/boldplay.70a46bd71.svg

154.197.121.128

200 OK

23 kB

URL GET HTTP/2
v1.bundlecdn.com/img/boldplay.70a46bd71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
23 kB (22612 bytes)
Hash
4b126b85c7325054c507c2b4cf1f3427
426e48d2ede827667031c4af64339fc7fbbdbcbf
4391ef71d6ca702a8ec53ac0566bb746f581d8b627439d58886633ba70587a4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a0069e7eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/atmosfera.32402e33f.svg

154.197.121.128

200 OK

14 kB

URL GET HTTP/2
v1.bundlecdn.com/img/atmosfera.32402e33f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
14 kB (14138 bytes)
Hash
5fd90811fecc4eefc3d578f820461598
b734bcf79e6325548bafe9fad9e5b8df55821f88
a2d4be322ce5b9cbc70bba69ad00c70a2bf896d7ab032e9c4953201386646faa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ffe990eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/78449.176d64123.js

154.197.121.128

200 OK

7.7 kB

URL GET HTTP/2
v1.bundlecdn.com/js/78449.176d64123.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
7.7 kB (7650 bytes)
Hash
f593d495841d785d696443513fcba580
c19121dd698164feb8a9e32a85729adb3971dddc
947e5c649ca2be36cd321def5b8b66affe0e6630dcd2741637343d8196ac8f0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/78449.176d64123.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 01 Nov 2024 14:37:27 GMT
etag: W/"6724e7a7-312"
expires: Sun, 31 Dec 2034 05:07:37 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4165470
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ff68a7eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/c_c8e904ac4dabe3818f06e49a09fdaac0.png@avif

154.197.121.128

200 OK

11 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/c_c8e904ac4dabe3818f06e49a09fdaac0.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
11 kB (10623 bytes)
Hash
e2227570275ba389e1068f78f0ca10c6
da051d5c1b85dadc6fbfc2b22b579f5f8724b40b
ba00ff6d28028495ea53e0dfbb9258a8500247bb2c38c1c9c9fe2b2785bb85bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/c_c8e904ac4dabe3818f06e49a09fdaac0.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 10623
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_c8e904ac4dabe3818f06e49a09fdaac0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyOGUyMTg2LTkwOTI4Ig"
x-request-id: cWcAT6nyVvvY9SYHjmyww
cf-cache-status: HIT
age: 3432400
expires: Fri, 02 Jan 2026 05:07:38 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a050e1aeb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/7mojos%20slots.c8ad63b4f.svg

154.197.121.128

200 OK

18 kB

URL GET HTTP/2
v1.bundlecdn.com/img/7mojos%20slots.c8ad63b4f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
18 kB (17474 bytes)
Hash
806ac98180b9707c6ee5099460fd7772
1341780f3ac4b203a4feb96a66c4421156f93fc7
87fad553095e8e9c860b0aa7d2303929fbcce950574a2d4d2a13cc12439de1bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ff589beb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/5/f5034c16-290a-4d3d-a2f0-adeb2a9943a4_horizontal.svg

186.2.162.102

200 OK

13 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/5/f5034c16-290a-4d3d-a2f0-adeb2a9943a4_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (13247 bytes)
Hash
9ffc49f2a3e70581ccc585b411fba2bf
d88b12944efb3ca65cae63fed1c73feee4ef8b40
da24a72c168ca7d8df33c67000312363bfb91eab919ebca8ad261ab26bf18200

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/5/f5034c16-290a-4d3d-a2f0-adeb2a9943a4_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=nXrYiQ1iAc6RbxhT; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642c47-109b"
last-modified: Thu, 19 Dec 2024 14:23:03 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/tadagaming.049fea1ab.svg

154.197.121.128

200 OK

9.2 kB

URL
v1.bundlecdn.com/img/tadagaming.049fea1ab.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
9.2 kB (9232 bytes)
Hash
f34cd41b1908e26c1a173e4287f6ddbc
02dc613e7d3239a00f1559bdd82b583620f9c567
b4fd90055f27d12193ee0b80f0ee0d4f338fdeb31171d0665ca741cc6ad42d5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/tadagaming.049fea1ab.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-f9a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02fc68eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/306/60344c68-15b0-42a4-847b-91a1f8508ad9_horizontal.svg

186.2.162.102

200 OK

7.3 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/306/60344c68-15b0-42a4-847b-91a1f8508ad9_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
7.3 kB (7343 bytes)
Hash
a83dc32325a0adef26b23326e57d9bf4
28ca967a0be2671784cb39ae5b057a4bff20fe6f
eb59acf1f40f7260e5750689857644b9b8703f195af303745531b96cb59cf8eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/306/60344c68-15b0-42a4-847b-91a1f8508ad9_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=byE3nsdmAzZd0XwH; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642d7b-873"
last-modified: Thu, 19 Dec 2024 14:28:11 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/smartsoft.d4a2c90f3.svg

154.197.121.128

200 OK

7.7 kB

URL
v1.bundlecdn.com/img/smartsoft.d4a2c90f3.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
7.7 kB (7680 bytes)
Hash
40b22d40903398385452123b906ac1a1
3f921919aa882adde88b699ffab088761ed16ea2
fb804546355f88e87a3d98a0cd7ae9e72539a89f7caf2e111bd5608110dd141a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/smartsoft.d4a2c90f3.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-112f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7132
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02ec58eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/thunderspin.c2166ddfc.svg

154.197.121.128

200 OK

9.2 kB

URL
v1.bundlecdn.com/img/thunderspin.c2166ddfc.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
9.2 kB (9195 bytes)
Hash
94aabfc839a91f521c57d523889775a2
36edb40916493ca18abf21732844eac85dc06176
b425b42c7f3a9f62c625ed40b275071d8604a8fb4f94b8629e25a060dbd9fe36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/thunderspin.c2166ddfc.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-7df"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02fc6deb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/zillion.c0e3dd6f0.svg

154.197.121.128

200 OK

6.6 kB

URL GET HTTP/2
v1.bundlecdn.com/img/zillion.c0e3dd6f0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
6.6 kB (6594 bytes)
Hash
86b7979d2f6ca4d87ea29c629cf33bd7
50e5315312235e3648b498be3a2cdf6fe91f70a7
a01806e262d05d81fc799f402ec55a0b4d59bba219fabedaf193d8d267033e7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 791
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a031ca2eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/mrslotty/f9cc8ccf-6d24-4c5a-b3cd-929a99af8e9d.png@avif

154.197.121.128

200 OK

10 kB

URL
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/mrslotty/f9cc8ccf-6d24-4c5a-b3cd-929a99af8e9d.png@avif
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
10 kB (10121 bytes)
Hash
dfcb5f07a3e01625c136956a5a7be8b9
be851edbb36cd1367c5881afdd6e7a949883a558
5b26d6b43c6a1414ff8f39adc739fe128450ce66f7c41fa4308fe0c98666e7b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/mrslotty/f9cc8ccf-6d24-4c5a-b3cd-929a99af8e9d.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 10121
cache-control: public, max-age=31536000
content-disposition: inline; filename="f9cc8ccf-6d24-4c5a-b3cd-929a99af8e9d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODFiZTNmLTU1ZDBiIg"
x-request-id: 9fEEzDOrP7vR34FgfGcyu
cf-cache-status: HIT
age: 2798825
expires: Fri, 02 Jan 2026 05:07:38 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a053e40eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/thunderkick.6962312e1.svg

154.197.121.128

200 OK

4.9 kB

URL GET HTTP/2
v1.bundlecdn.com/img/thunderkick.6962312e1.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
4.9 kB (4914 bytes)
Hash
ef9547527cd55c73c1fa3c9a6c8d81f1
e3b6c425bad115a04f8145f951727246cfef7af2
536f29d0001067d350b8f892b26fff0aad4cff8857a48e0a7d8ef428cd4c77f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02fc6beb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

1wmlv.com/casino-images/1/categories/210002/7270e379-0eb6-41d3-ac99-f7e6cac5e022_horizontal.svg

186.2.162.102

200 OK

7.2 kB

URL
1wmlv.com/casino-images/1/categories/210002/7270e379-0eb6-41d3-ac99-f7e6cac5e022_horizontal.svg
IP
186.2.162.102:0
ASN
#59692 IQWeb FZ-LLC

File type
SVG Scalable Vector Graphics image
Size
7.2 kB (7241 bytes)
Hash
468df0cd9546410a3d003671a9f67a01
abc3dbd74f54ace9a886b92ccecbf715b8e9f04f
c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/210002/7270e379-0eb6-41d3-ac99-f7e6cac5e022_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=tL6YbNS97oqZZGJG; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"676bc8f4-d8c"
last-modified: Wed, 25 Dec 2024 08:57:24 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/worldmatch.9f3d40aa7.svg

154.197.121.128

200 OK

8.5 kB

URL
v1.bundlecdn.com/img/worldmatch.9f3d40aa7.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
8.5 kB (8462 bytes)
Hash
5ae7e3673efcd082d2895d9b9cbe9448
5eca8268a828e7accb21164c9fe253bb98d52993
796089b899fc7b3ee76ce1df4544d295247ec862445f9e5b1c6dec320b4e8757

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 791
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a031c94eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

v1.bundlecdn.com/img/spinomenal.e0cf93b3a.svg

154.197.121.128

200 OK

10 kB

URL
v1.bundlecdn.com/img/spinomenal.e0cf93b3a.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
10 kB (10492 bytes)
Hash
ad6df47b2cbebeeea5aa3d889739e3d5
1672b9bf66afab3a7541333877df9afb924f75d5
c839f1a0aae578caf9e7746c81d9cce97cbe447871eae6c3880b6e4a79b02b74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4134
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02fc64eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/blue%20horn.1046a5d23.svg

154.197.121.128

200 OK

11 kB

URL GET HTTP/2
v1.bundlecdn.com/img/blue%20horn.1046a5d23.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
11 kB (11118 bytes)
Hash
797d8586db856e4d3a3dca7f0ac97c37
ca25a4779c6fcace5302e453b30527414e74e25c
67e5b83793e1a11c97436d4c27d962f9819467c4423b5980a1e18b3283eda36d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/blue%20horn.1046a5d23.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-683"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a0069e5eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET d16q5vvir3f28d.cloudfront.net/raffle-december-action/headerLink.png

143.204.42.156

200 OK

3.6 kB

URL GET HTTP/2
d16q5vvir3f28d.cloudfront.net/raffle-december-action/headerLink.png
IP
143.204.42.156:443
ASN
#16509 AMAZON-02

Requested by
https://1wmlv.com/
Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
PNG image data, 124 x 48, 8-bit colormap, non-interlaced
Size
3.6 kB (3567 bytes)
Hash
8fde0e46385bf3bf1777a42348668022
20281616a456ad069d69c777f28c87f4a409699f
d1668063446fd1d3f4560582cedc11c46e91eeb615e0df007dc97024a41c63ab

HTTP Headers

GET /raffle-december-action/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 3567
date: Wed, 01 Jan 2025 20:31:07 GMT
last-modified: Thu, 12 Dec 2024 10:43:49 GMT
etag: "8fde0e46385bf3bf1777a42348668022"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 473inIAEd_Zz5Qf4LmisZ-s6c7h1iD8tXrXtZzPqcVX081jGvIXw5Q==
age: 30991
X-Firefox-Spdy: h2

GET 1wmlv.com/firebase/8.1.1/firebase-messaging.js

186.2.162.102

200 OK

233 kB

URL GET HTTP/2
1wmlv.com/firebase/8.1.1/firebase-messaging.js
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
JavaScript source, ASCII text, with very long lines (40719)
Size
233 kB (232724 bytes)
Hash
450e8b32262706d42cfdd438c49208f5
31c7e4aac1d1303c1e83a0b591abc3501e278668
58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=FX37RV4dSbXiXnbc; __ddg9_=91.90.42.154; __ddg10_=1735794455; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=C9sfkEEJIseuC87p; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:36 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:36 GMT
__ddg10_=1735794456; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:36 GMT
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4cc1v894728184z8894400803za200zb894400803&_p=1735794455929&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1397201438.1735794459&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1735794458&sct=1&seg=0&dl=https%3A%2F%2F1wmlv.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=5157

216.239.34.36

204 No Content

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4cc1v894728184z8894400803za200zb894400803&_p=1735794455929&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1397201438.1735794459&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1735794458&sct=1&seg=0&dl=https%3A%2F%2F1wmlv.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=5157
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4cc1v894728184z8894400803za200zb894400803&_p=1735794455929&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1397201438.1735794459&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1735794458&sct=1&seg=0&dl=https%3A%2F%2F1wmlv.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=5157 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmlv.com/
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1wmlv.com
date: Thu, 02 Jan 2025 05:07:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1397201438.1735794459&gtm=45je4cc1v894728184z8894400803za200zb894400803&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=273973932

142.250.74.131

200 OK

42 B

URL
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1397201438.1735794459&gtm=45je4cc1v894728184z8894400803za200zb894400803&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=273973932
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1397201438.1735794459&gtm=45je4cc1v894728184z8894400803za200zb894400803&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=273973932 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Jan 2025 05:07:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET res.1wcommon.com/mBJpRGK43hrgM21a?da5e37fd9c6158da=VIk3uNaWrhE6K7LoaJqR7jPHcjy5Yj5LFeUKxWstn6SZJOvud3xSfqJqqOfFlf8UNoqtxnA-Br6tkT-lVr1NT7ciDWuaDUigST6anwAKLxdxhqjoR3vLOuCzrp8Pzo7UfJuBFVKCeKln_ptFLhtd9pDH-WUBHiAI1reof2M

91.235.132.77

200 OK

81 B

URL GET HTTP/1.1
res.1wcommon.com/mBJpRGK43hrgM21a?da5e37fd9c6158da=VIk3uNaWrhE6K7LoaJqR7jPHcjy5Yj5LFeUKxWstn6SZJOvud3xSfqJqqOfFlf8UNoqtxnA-Br6tkT-lVr1NT7ciDWuaDUigST6anwAKLxdxhqjoR3vLOuCzrp8Pzo7UfJuBFVKCeKln_ptFLhtd9pDH-WUBHiAI1reof2M
IP
91.235.132.77:443
ASN
#30286 THM

Requested by
https://1wmlv.com/
Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced
Size
81 B (81 bytes)
Hash
1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

HTTP Headers

GET /mBJpRGK43hrgM21a?da5e37fd9c6158da=VIk3uNaWrhE6K7LoaJqR7jPHcjy5Yj5LFeUKxWstn6SZJOvud3xSfqJqqOfFlf8UNoqtxnA-Br6tkT-lVr1NT7ciDWuaDUigST6anwAKLxdxhqjoR3vLOuCzrp8Pzo7UfJuBFVKCeKln_ptFLhtd9pDH-WUBHiAI1reof2M HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:39 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png

GET res.1wcommon.com/aeemmcNwdGj0U5QU?9e985d209c68f8a0=T1es9NLEMYe2WtIIdDxq7989NcY5rcbip7NYNslJ9SSpU_nyjnD5UtLnd-tbwzATcMDtOpWTDf4nV78cjtHgavUgb2t9deu7QhG4e5kYNG4zi-yP1yRo8D5AG6xXStQFyL5pjPLSqp0O7qw_b1mtf-HGAGezNFxeQg7-2gg

91.235.132.77

200 OK

81 B

URL GET HTTP/1.1
res.1wcommon.com/aeemmcNwdGj0U5QU?9e985d209c68f8a0=T1es9NLEMYe2WtIIdDxq7989NcY5rcbip7NYNslJ9SSpU_nyjnD5UtLnd-tbwzATcMDtOpWTDf4nV78cjtHgavUgb2t9deu7QhG4e5kYNG4zi-yP1yRo8D5AG6xXStQFyL5pjPLSqp0O7qw_b1mtf-HGAGezNFxeQg7-2gg
IP
91.235.132.77:443
ASN
#30286 THM

Requested by
https://1wmlv.com/
Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced
Size
81 B (81 bytes)
Hash
1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

HTTP Headers

GET /aeemmcNwdGj0U5QU?9e985d209c68f8a0=T1es9NLEMYe2WtIIdDxq7989NcY5rcbip7NYNslJ9SSpU_nyjnD5UtLnd-tbwzATcMDtOpWTDf4nV78cjtHgavUgb2t9deu7QhG4e5kYNG4zi-yP1yRo8D5AG6xXStQFyL5pjPLSqp0O7qw_b1mtf-HGAGezNFxeQg7-2gg HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:39 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png

1wmlv.com/analytics/events?event_name=time_first_load&pgi=GTM-KGKQDC7

186.2.162.102

204 No Content

0 B

URL
1wmlv.com/analytics/events?event_name=time_first_load&pgi=GTM-KGKQDC7
IP
186.2.162.102:0
ASN
#59692 IQWeb FZ-LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=time_first_load&pgi=GTM-KGKQDC7 HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 581
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=tL6YbNS97oqZZGJG; __ddg9_=91.90.42.154; __ddg10_=1735794457; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1ODkxNCUyQyUyMmxhc3RFdmVudElkJTIyJTNBMSUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ga_548949LWLW=GS1.1.1735794458.1.0.1735794459.59.0.0; _ga=GA1.1.1397201438.1735794459; _gcl_au=1.1.434243715.1735794459
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=glHl4UIJLpCyQQbm; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:39 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:39 GMT
__ddg10_=1735794459; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:39 GMT
date: Thu, 02 Jan 2025 05:07:39 GMT
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
X-Firefox-Spdy: h2

GET res.1wcommon.com/1x2cIR7yrA0bYh0c?0ef3aa0d1cdfba90=9I4Ri9FGcP0qP7GUQDz5spfgbgEJTNTNM3qoOLNMaGSrKtju-EsoFR0aoLxFw22YIzN9XQqPJPCi41w4J9cdo5ozsfbvmyapoWetNdwP86HOknH31ypLnX6N6fpJ9psxx3dbqWNUMaka9DgrcRccu6Q4zv3KkG58s8osqGxJzvsX26PH72f5nvp400DUvdgy1DT9mbnbf0KPrhQf&jb=3138242668736775354e696c7570266271673544696e7770246873623f46697065646f7a2732323934

91.235.132.77

200 OK

70 kB

URL GET HTTP/1.1
res.1wcommon.com/1x2cIR7yrA0bYh0c?0ef3aa0d1cdfba90=9I4Ri9FGcP0qP7GUQDz5spfgbgEJTNTNM3qoOLNMaGSrKtju-EsoFR0aoLxFw22YIzN9XQqPJPCi41w4J9cdo5ozsfbvmyapoWetNdwP86HOknH31ypLnX6N6fpJ9psxx3dbqWNUMaka9DgrcRccu6Q4zv3KkG58s8osqGxJzvsX26PH72f5nvp400DUvdgy1DT9mbnbf0KPrhQf&jb=3138242668736775354e696c7570266271673544696e7770246873623f46697065646f7a2732323934
IP
91.235.132.77:443
ASN
#30286 THM

Requested by
https://1wmlv.com/
Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15506)
Size
70 kB (70436 bytes)
Hash
b90f8870f03f91d37abb9cccae19610a
e188987b0f24ab3ae98e854c31b5960090853062
3043315e345a454ad467a1a5f1e07ec06ccec3a00c4a2d0a6f18efbb09df1dad

HTTP Headers

GET /1x2cIR7yrA0bYh0c?0ef3aa0d1cdfba90=9I4Ri9FGcP0qP7GUQDz5spfgbgEJTNTNM3qoOLNMaGSrKtju-EsoFR0aoLxFw22YIzN9XQqPJPCi41w4J9cdo5ozsfbvmyapoWetNdwP86HOknH31ypLnX6N6fpJ9psxx3dbqWNUMaka9DgrcRccu6Q4zv3KkG58s8osqGxJzvsX26PH72f5nvp400DUvdgy1DT9mbnbf0KPrhQf&jb=3138242668736775354e696c7570266271673544696e7770246873623f46697065646f7a2732323934 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:39 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: 5f8e5a9ef08d034f
X-Robots-Tag: noindex, nofollow
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

POST 1wmlv.com/analytics/pv?pgi=GTM-KGKQDC7

186.2.162.102

204 No Content

0 B

URL POST HTTP/2
1wmlv.com/analytics/pv?pgi=GTM-KGKQDC7
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/pv?pgi=GTM-KGKQDC7 HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 442
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=tL6YbNS97oqZZGJG; __ddg9_=91.90.42.154; __ddg10_=1735794457; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1ODkxNCUyQyUyMmxhc3RFdmVudElkJTIyJTNBMSUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ga_548949LWLW=GS1.1.1735794458.1.0.1735794459.59.0.0; _ga=GA1.1.1397201438.1735794459; _gcl_au=1.1.434243715.1735794459
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=lQO1SuHeG5SG0g8A; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:39 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:39 GMT
__ddg10_=1735794459; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:39 GMT
date: Thu, 02 Jan 2025 05:07:39 GMT
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
X-Firefox-Spdy: h2

POST 1wmlv.com/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7

186.2.162.102

204 No Content

0 B

URL POST HTTP/2
1wmlv.com/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 525
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=lQO1SuHeG5SG0g8A; __ddg9_=91.90.42.154; __ddg10_=1735794459; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1ODkxNCUyQyUyMmxhc3RFdmVudElkJTIyJTNBMSUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ga_548949LWLW=GS1.1.1735794458.1.0.1735794459.59.0.0; _ga=GA1.1.1397201438.1735794459; _gcl_au=1.1.434243715.1735794459
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=InYDG1J7UdQ1aOIP; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:39 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:39 GMT
__ddg10_=1735794459; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:39 GMT
date: Thu, 02 Jan 2025 05:07:39 GMT
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
X-Firefox-Spdy: h2

POST www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1wmlv.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=6168941.1735794459&dt=1win&auid=434243715.1735794459&navt=n&npa=1&gtm=45be4cc1v9181323879z8894400803za200zb894400803&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1735794459177&tfd=5331&apve=1

142.250.74.164

200 OK

0 B

URL POST HTTP/3
www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1wmlv.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=6168941.1735794459&dt=1win&auid=434243715.1735794459&navt=n&npa=1&gtm=45be4cc1v9181323879z8894400803za200zb894400803&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1735794459177&tfd=5331&apve=1
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ccm/collect?en=page_view&dl=https%3A%2F%2F1wmlv.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=6168941.1735794459&dt=1win&auid=434243715.1735794459&navt=n&npa=1&gtm=45be4cc1v9181323879z8894400803za200zb894400803&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1735794459177&tfd=5331&apve=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 200 OK
content-type: text/plain
date: Thu, 02 Jan 2025 05:07:39 GMT
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://1wmlv.com
access-control-expose-headers: date,vary,vary,vary,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

res.1wcommon.com/oxIiiWBRAKsVWQqw?23fbcf3a5b41e323=7tq7zl2n2ByO4XNyhYoDmv7LeWcvtFAKGPA5o6tlT-MwBsmu2QUUYHwkqnp3Cfb_HPicLq5xPSfmIWfJWxJiUEo6yVMbh2OeNksMZh-oV3rMvSNKIrQKWZeal54VSOpghu8xUMh6B9B257vn2PQg0_HJ0p8&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx

91.235.132.77

200 OK

5.9 kB

URL
res.1wcommon.com/oxIiiWBRAKsVWQqw?23fbcf3a5b41e323=7tq7zl2n2ByO4XNyhYoDmv7LeWcvtFAKGPA5o6tlT-MwBsmu2QUUYHwkqnp3Cfb_HPicLq5xPSfmIWfJWxJiUEo6yVMbh2OeNksMZh-oV3rMvSNKIrQKWZeal54VSOpghu8xUMh6B9B257vn2PQg0_HJ0p8&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
IP
91.235.132.77:0
ASN
#30286 THM

Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (311), with CRLF, LF line terminators
Size
5.9 kB (5929 bytes)
Hash
8ac4812fc9918f4faa205abc1d7d6d36
66823280f829dee3540b488d72a68c65e9bdc54b
e09dfa3388c146444c8b15164b9578a55b593c7bd2a68801af7259c38fffdf9e

HTTP Headers

GET /oxIiiWBRAKsVWQqw?23fbcf3a5b41e323=7tq7zl2n2ByO4XNyhYoDmv7LeWcvtFAKGPA5o6tlT-MwBsmu2QUUYHwkqnp3Cfb_HPicLq5xPSfmIWfJWxJiUEo6yVMbh2OeNksMZh-oV3rMvSNKIrQKWZeal54VSOpghu8xUMh6B9B257vn2PQg0_HJ0p8&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=Edge
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

v1.bundlecdn.com/js/8653.80b20a8f2.js

154.197.121.128

200 OK

4.8 kB

URL
v1.bundlecdn.com/js/8653.80b20a8f2.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
4.8 kB (4816 bytes)
Hash
ebe286cd260e52e70e67ce2e3673bc45
5bb0c019dba94e2d2ef9758440ea712de580de54
0b813183fdb2dca6b77b671a724bb49581e9dd2a93681e1d3a944951def4865c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8653.80b20a8f2.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 07 Nov 2024 13:50:37 GMT
etag: W/"672cc5ad-3b8"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4094887
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f92bcceb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

res.1wcommon.com/cYyhskKmZZPWaT33?ee68496e6fa9bea3=dAytLKg_d_AOHI5TTJLAJ1D17t2Huu7ns9_SMFQFemvGJEccbxpjL6mqgnfaD5ZDu52emW3SzT1BHJz-s7pShXET8lJz8WUJXLz9G_q60xscKIMP3J3Rvl-5tnNUB5zZ-82uX5res1xHrvUsBk22tQ

91.235.132.77

200 OK

157 B

URL
res.1wcommon.com/cYyhskKmZZPWaT33?ee68496e6fa9bea3=dAytLKg_d_AOHI5TTJLAJ1D17t2Huu7ns9_SMFQFemvGJEccbxpjL6mqgnfaD5ZDu52emW3SzT1BHJz-s7pShXET8lJz8WUJXLz9G_q60xscKIMP3J3Rvl-5tnNUB5zZ-82uX5res1xHrvUsBk22tQ
IP
91.235.132.77:0
ASN
#30286 THM

Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
157 B (157 bytes)
Hash
cdd1622251b2da0e649d6c88ccb270f9
d7722c0329a174db03c27741757daf10403b25c6
3e4cca3a0bb705e28fedbc903b6af6a30973db80f3a244749892d2b2dbd0ac93

HTTP Headers

GET /cYyhskKmZZPWaT33?ee68496e6fa9bea3=dAytLKg_d_AOHI5TTJLAJ1D17t2Huu7ns9_SMFQFemvGJEccbxpjL6mqgnfaD5ZDu52emW3SzT1BHJz-s7pShXET8lJz8WUJXLz9G_q60xscKIMP3J3Rvl-5tnNUB5zZ-82uX5res1xHrvUsBk22tQ HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

res.1wcommon.com/T6ufYWTTc7qkRffr?28df18c4c6d95a4b=0A5q7UJ9MF8dber0ED0BDf9Cw_mU2vIrjxd2QKOCkmdUs1WtgxGa9ucBXJR7SJvrCqdrLnMcsrBJYL2TnigZviYD8KuAaQA_Sr-ITMV1okj7LrtYeG3GRTEEY2K0aCIiwJ1gplShgtzXkoB4q-kRtFFFDGFzqe4yolCv32uzU7KNCL98S08ZjMFdVrRRzXM8I_i9KH9-nFuVytRjNEw

91.235.132.77

200 OK

16 kB

URL
res.1wcommon.com/T6ufYWTTc7qkRffr?28df18c4c6d95a4b=0A5q7UJ9MF8dber0ED0BDf9Cw_mU2vIrjxd2QKOCkmdUs1WtgxGa9ucBXJR7SJvrCqdrLnMcsrBJYL2TnigZviYD8KuAaQA_Sr-ITMV1okj7LrtYeG3GRTEEY2K0aCIiwJ1gplShgtzXkoB4q-kRtFFFDGFzqe4yolCv32uzU7KNCL98S08ZjMFdVrRRzXM8I_i9KH9-nFuVytRjNEw
IP
91.235.132.77:0
ASN
#30286 THM

Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15506)
Size
16 kB (15515 bytes)
Hash
85dd414025933acff1132a6d80c07500
9f35e3ebfe8eca1f456d7ac5b379d79fa746cdbe
7771ed2670daff07f5f5df2d1ac7f0bc51ab1b3b658979b509e74ebb4d87b9d6

HTTP Headers

GET /T6ufYWTTc7qkRffr?28df18c4c6d95a4b=0A5q7UJ9MF8dber0ED0BDf9Cw_mU2vIrjxd2QKOCkmdUs1WtgxGa9ucBXJR7SJvrCqdrLnMcsrBJYL2TnigZviYD8KuAaQA_Sr-ITMV1okj7LrtYeG3GRTEEY2K0aCIiwJ1gplShgtzXkoB4q-kRtFFFDGFzqe4yolCv32uzU7KNCL98S08ZjMFdVrRRzXM8I_i9KH9-nFuVytRjNEw HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Robots-Tag: noindex, nofollow
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET res.1wcommon.com/fp/clear.png

91.235.132.77

200 OK

81 B

URL GET HTTP/1.1
res.1wcommon.com/fp/clear.png
IP
91.235.132.77:443
ASN
#30286 THM

Requested by
https://1wmlv.com/
Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced
Size
81 B (81 bytes)
Hash
1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

HTTP Headers

GET /fp/clear.png HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*, 3fb27s7b/5f8e5a9ef08d034f7db5258a-2e20-4978-9eeb-cc5e24ac034c
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Thu, 02 Jan 2025 05:07:40 GMT
Expires: Tue, 01 Jan 2030 05:07:40 GMT
Etag: 9bac4c13b06c44b79653e977fd8028e5
Cache-Control: private, must-revalidate, max-age=0
Access-Control-Allow-Origin: https://1wmlv.com
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png

GET res.1wcommon.com/JBjT7__2NcB1eqtx?de2b90ac3ce764ef=6xKxYFo15LjpvvhKuIhFK72BgZbIJeh5Cw-LZnmUBcxD0VxPuC99P0jVudrO_HPBBEg59Ezk9XPe09HIr8YTy5Fyhdfc6KTt1uTLfpYCChCu6D1IN2qmUXtURoFSP5zslzZKIoW4sC-q0HBkVdLhtqS-JtB-shXFBVUPjt6rsh2W6VCnuqBheh4BH6AW7gGZFhV8t0obUyu9365vA0xx

91.235.132.77

200 OK

15 kB

URL GET HTTP/1.1
res.1wcommon.com/JBjT7__2NcB1eqtx?de2b90ac3ce764ef=6xKxYFo15LjpvvhKuIhFK72BgZbIJeh5Cw-LZnmUBcxD0VxPuC99P0jVudrO_HPBBEg59Ezk9XPe09HIr8YTy5Fyhdfc6KTt1uTLfpYCChCu6D1IN2qmUXtURoFSP5zslzZKIoW4sC-q0HBkVdLhtqS-JtB-shXFBVUPjt6rsh2W6VCnuqBheh4BH6AW7gGZFhV8t0obUyu9365vA0xx
IP
91.235.132.77:443
ASN
#30286 THM

Requested by
https://1wmlv.com/
Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (15506)
Size
15 kB (14701 bytes)
Hash
519cc3d076c8faf4496b16ffaabed3e2
933b50ae2c27a0b97fed40e7169432ec0c2d0f30
90baee4016bdbe06fa69ab17b91abe0e1ce1336b7d2ec2ba00323325da4a9a90

HTTP Headers

GET /JBjT7__2NcB1eqtx?de2b90ac3ce764ef=6xKxYFo15LjpvvhKuIhFK72BgZbIJeh5Cw-LZnmUBcxD0VxPuC99P0jVudrO_HPBBEg59Ezk9XPe09HIr8YTy5Fyhdfc6KTt1uTLfpYCChCu6D1IN2qmUXtURoFSP5zslzZKIoW4sC-q0HBkVdLhtqS-JtB-shXFBVUPjt6rsh2W6VCnuqBheh4BH6AW7gGZFhV8t0obUyu9365vA0xx HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Robots-Tag: noindex, nofollow
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET res.1wcommon.com/TZrMDq5_qKtJmVtA?42dbecf641a137b0=UrBEgbmG-XYsujuapogyipm9twKZbhCcUvfZbLmL_kj0Q5hGLhDVbSI7KQMfgJiTIML5o6HaUNrKoW24U9011nR-QKJc0Sp2buqablOwxiyX55q-FhVaF-gLPy07qLr7IZR4r4yTDoqsRRDw1oEaCIl5q9g_rPTYQtXprHxaYSZH

91.235.132.77

200 OK

30 kB

URL GET HTTP/1.1
res.1wcommon.com/TZrMDq5_qKtJmVtA?42dbecf641a137b0=UrBEgbmG-XYsujuapogyipm9twKZbhCcUvfZbLmL_kj0Q5hGLhDVbSI7KQMfgJiTIML5o6HaUNrKoW24U9011nR-QKJc0Sp2buqablOwxiyX55q-FhVaF-gLPy07qLr7IZR4r4yTDoqsRRDw1oEaCIl5q9g_rPTYQtXprHxaYSZH
IP
91.235.132.77:443
ASN
#30286 THM

Requested by
https://res.1wcommon.com/oxIiiWBRAKsVWQqw?23fbcf3a5b41e323=7tq7zl2n2ByO4XNyhYoDmv7LeWcvtFAKGPA5o6tlT-MwBsmu2QUUYHwkqnp3Cfb_HPicLq5xPSfmIWfJWxJiUEo6yVMbh2OeNksMZh-oV3rMvSNKIrQKWZeal54VSOpghu8xUMh6B9B257vn2PQg0_HJ0p8&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
ASCII text, with very long lines (15506)
Size
30 kB (30544 bytes)
Hash
3dc5af78933c7cdf18c08cf2150cf0c0
a1b8da26b74e0b2f0a15b3d8170faade58b73ff7
ad244a7a688d703b6c3a1d13e77113951387108d96aace7b8de0eec0c350cd6c

HTTP Headers

GET /TZrMDq5_qKtJmVtA?42dbecf641a137b0=UrBEgbmG-XYsujuapogyipm9twKZbhCcUvfZbLmL_kj0Q5hGLhDVbSI7KQMfgJiTIML5o6HaUNrKoW24U9011nR-QKJc0Sp2buqablOwxiyX55q-FhVaF-gLPy07qLr7IZR4r4yTDoqsRRDw1oEaCIl5q9g_rPTYQtXprHxaYSZH HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://res.1wcommon.com/oxIiiWBRAKsVWQqw?23fbcf3a5b41e323=7tq7zl2n2ByO4XNyhYoDmv7LeWcvtFAKGPA5o6tlT-MwBsmu2QUUYHwkqnp3Cfb_HPicLq5xPSfmIWfJWxJiUEo6yVMbh2OeNksMZh-oV3rMvSNKIrQKWZeal54VSOpghu8xUMh6B9B257vn2PQg0_HJ0p8&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: 5f8e5a9ef08d034f
X-Robots-Tag: noindex, nofollow
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET res.1wcommon.com/c4qUalhzv0pXw9gK?23be27d4c1bc9708=f928NYx4PDM09CCFtb_dfmL0FawiQI6N1VpweTEcIEMLRockkZmBq7bF3igjmkZOGt96kAsEpLbYtmUCFJxjapxgC8EJ-6SXILUtNISums1qRcTXvSYquqvkaE7hrrqRb0RQUAEj-3MYcLhWZYNFUOr_Nsw&jf=3136246c716235636e6134673169666d673d3a3c38626631306631666737626364366634663064

91.235.132.77

200 OK

0 B

URL GET HTTP/1.1
res.1wcommon.com/c4qUalhzv0pXw9gK?23be27d4c1bc9708=f928NYx4PDM09CCFtb_dfmL0FawiQI6N1VpweTEcIEMLRockkZmBq7bF3igjmkZOGt96kAsEpLbYtmUCFJxjapxgC8EJ-6SXILUtNISums1qRcTXvSYquqvkaE7hrrqRb0RQUAEj-3MYcLhWZYNFUOr_Nsw&jf=3136246c716235636e6134673169666d673d3a3c38626631306631666737626364366634663064
IP
91.235.132.77:443
ASN
#30286 THM

Requested by
https://res.1wcommon.com/T6ufYWTTc7qkRffr?28df18c4c6d95a4b=0A5q7UJ9MF8dber0ED0BDf9Cw_mU2vIrjxd2QKOCkmdUs1WtgxGa9ucBXJR7SJvrCqdrLnMcsrBJYL2TnigZviYD8KuAaQA_Sr-ITMV1okj7LrtYeG3GRTEEY2K0aCIiwJ1gplShgtzXkoB4q-kRtFFFDGFzqe4yolCv32uzU7KNCL98S08ZjMFdVrRRzXM8I_i9KH9-nFuVytRjNEw
Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c4qUalhzv0pXw9gK?23be27d4c1bc9708=f928NYx4PDM09CCFtb_dfmL0FawiQI6N1VpweTEcIEMLRockkZmBq7bF3igjmkZOGt96kAsEpLbYtmUCFJxjapxgC8EJ-6SXILUtNISums1qRcTXvSYquqvkaE7hrrqRb0RQUAEj-3MYcLhWZYNFUOr_Nsw&jf=3136246c716235636e6134673169666d673d3a3c38626631306631666737626364366634663064 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://res.1wcommon.com/T6ufYWTTc7qkRffr?28df18c4c6d95a4b=0A5q7UJ9MF8dber0ED0BDf9Cw_mU2vIrjxd2QKOCkmdUs1WtgxGa9ucBXJR7SJvrCqdrLnMcsrBJYL2TnigZviYD8KuAaQA_Sr-ITMV1okj7LrtYeG3GRTEEY2K0aCIiwJ1gplShgtzXkoB4q-kRtFFFDGFzqe4yolCv32uzU7KNCL98S08ZjMFdVrRRzXM8I_i9KH9-nFuVytRjNEw
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Content-Type: text/javascript

res.1wcommon.com/chuuIfd-u9EyCe7R?5c9829b7d530e3c6=IHRhFfAAhP-3rNPojcXDDGlmQWlXnMDkAuCcviwvVaoRB2D2DPsv_zPIG1I1sNPl7ZgN3l-qilFPcyzJpR2r5OmilyJasCFFPYy4Fc1KTwBr3LQtW87AUxW0mYQoIn49yS2DTA-VDumPzxhXB7cFEg&fr

91.235.132.77

200 OK

158 B

URL
res.1wcommon.com/chuuIfd-u9EyCe7R?5c9829b7d530e3c6=IHRhFfAAhP-3rNPojcXDDGlmQWlXnMDkAuCcviwvVaoRB2D2DPsv_zPIG1I1sNPl7ZgN3l-qilFPcyzJpR2r5OmilyJasCFFPYy4Fc1KTwBr3LQtW87AUxW0mYQoIn49yS2DTA-VDumPzxhXB7cFEg&fr
IP
91.235.132.77:0
ASN
#30286 THM

Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
158 B (158 bytes)
Hash
a872dcfd0b3f308c9a37b8aab8e815a5
70aca77ee6177686a6c10f4672fb185ccbc1ab28
0ddb97f2e4bda6110dd049382dc3b71da72359b4858b2b19b466cb3f4e696dcf

HTTP Headers

GET /chuuIfd-u9EyCe7R?5c9829b7d530e3c6=IHRhFfAAhP-3rNPojcXDDGlmQWlXnMDkAuCcviwvVaoRB2D2DPsv_zPIG1I1sNPl7ZgN3l-qilFPcyzJpR2r5OmilyJasCFFPYy4Fc1KTwBr3LQtW87AUxW0mYQoIn49yS2DTA-VDumPzxhXB7cFEg&fr HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://res.1wcommon.com/T6ufYWTTc7qkRffr?28df18c4c6d95a4b=0A5q7UJ9MF8dber0ED0BDf9Cw_mU2vIrjxd2QKOCkmdUs1WtgxGa9ucBXJR7SJvrCqdrLnMcsrBJYL2TnigZviYD8KuAaQA_Sr-ITMV1okj7LrtYeG3GRTEEY2K0aCIiwJ1gplShgtzXkoB4q-kRtFFFDGFzqe4yolCv32uzU7KNCL98S08ZjMFdVrRRzXM8I_i9KH9-nFuVytRjNEw
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Transfer-Encoding: chunked

res.1wcommon.com/AeTnOIOEjxR5aKsn?4abe39a3289b8190=CvLF27J0EkoIIMJIftvmfGji87ZMCh1hFbqk9GojRffg6Segm8kmMga9yPSx0VptA_BqKY4TUZgCTjf75sffioPdvaH2PL-YzzgrA5vaktdPRSIqsJpcxJWnltZjL_bsgkVMVDpY_-DPJmJKxFcj4SIFutU&ja=34343526246335302e783d32266e3d39303038703130303c2463663d3332383278333030362671787b3d38783824647272353124333a30382c31323a362e31323a302c333030342e33323a302e3138323c2e313038382c39323a3c24302c322e6f763d3235663533643131363b653462643238396a343660643b383f6038696e3363362e6f6c3d32247363663d3034246e683f68767478732d314127324e253a44397f656c762c6b6d6f25324426706e3d3726726a3d673832326c66693735373131336e366d6a6d38393b3b676034613b39323b3066266a6a3d6063343630393967626462303231613d6e3936323b38363563306638366732362668716f3f4c6b6e7d782e6873603d4e697a676e67702532323134246a736d753d4e696c757a246e6a633f343026666f74723d38267c786c355d54432465637668723f373164353638673662313632386a666c64623a396b3931346e6e6c3466353864333261673364343663646436323b3337366a396e316261363f376a306e6d3a66267235726e75676b6e5f646c63736a27354766636c7b6529726c7767616e577561666c6f7771576f676469635f706e617b657027354766636c7b6529726c7767616e57636c676a655f636b706d62617625354766636c716721726c7767616e5773756b636374616f6d2d3d45666364716721706e75676b6e5d736a6d63697763766d253d4766636c7b652972647d6f696e5d7a67636c706e6179677227354764616e736721786c7d65696c5f7e6c6b5d7864697965702d374766616e736523706e75656b6e5d646776696c7e702537456e6164716d29786c7565616c5d7376655f766b6575657027354766636c7b6529726c7767616e5768697e692535476e636e7365246363663d373036333231&jb=3b35246c733d456f726b6c6e612d324e3726382d32302a5033332533402532324c6b6e777a2530307a383e5f3e362531422d3238707e2d3b41393426322b2532324765616b6d25304432323132303930392732324661726d6467702d32463b3e2c32

91.235.132.77

204 204

0 B

URL
res.1wcommon.com/AeTnOIOEjxR5aKsn?4abe39a3289b8190=CvLF27J0EkoIIMJIftvmfGji87ZMCh1hFbqk9GojRffg6Segm8kmMga9yPSx0VptA_BqKY4TUZgCTjf75sffioPdvaH2PL-YzzgrA5vaktdPRSIqsJpcxJWnltZjL_bsgkVMVDpY_-DPJmJKxFcj4SIFutU&ja=34343526246335302e783d32266e3d39303038703130303c2463663d3332383278333030362671787b3d38783824647272353124333a30382c31323a362e31323a302c333030342e33323a302e3138323c2e313038382c39323a3c24302c322e6f763d3235663533643131363b653462643238396a343660643b383f6038696e3363362e6f6c3d32247363663d3034246e683f68767478732d314127324e253a44397f656c762c6b6d6f25324426706e3d3726726a3d673832326c66693735373131336e366d6a6d38393b3b676034613b39323b3066266a6a3d6063343630393967626462303231613d6e3936323b38363563306638366732362668716f3f4c6b6e7d782e6873603d4e697a676e67702532323134246a736d753d4e696c757a246e6a633f343026666f74723d38267c786c355d54432465637668723f373164353638673662313632386a666c64623a396b3931346e6e6c3466353864333261673364343663646436323b3337366a396e316261363f376a306e6d3a66267235726e75676b6e5f646c63736a27354766636c7b6529726c7767616e577561666c6f7771576f676469635f706e617b657027354766636c7b6529726c7767616e57636c676a655f636b706d62617625354766636c716721726c7767616e5773756b636374616f6d2d3d45666364716721706e75676b6e5d736a6d63697763766d253d4766636c7b652972647d6f696e5d7a67636c706e6179677227354764616e736721786c7d65696c5f7e6c6b5d7864697965702d374766616e736523706e75656b6e5d646776696c7e702537456e6164716d29786c7565616c5d7376655f766b6575657027354766636c7b6529726c7767616e5768697e692535476e636e7365246363663d373036333231&jb=3b35246c733d456f726b6c6e612d324e3726382d32302a5033332533402532324c6b6e777a2530307a383e5f3e362531422d3238707e2d3b41393426322b2532324765616b6d25304432323132303930392732324661726d6467702d32463b3e2c32
IP
91.235.132.77:0
ASN
#30286 THM

Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /AeTnOIOEjxR5aKsn?4abe39a3289b8190=CvLF27J0EkoIIMJIftvmfGji87ZMCh1hFbqk9GojRffg6Segm8kmMga9yPSx0VptA_BqKY4TUZgCTjf75sffioPdvaH2PL-YzzgrA5vaktdPRSIqsJpcxJWnltZjL_bsgkVMVDpY_-DPJmJKxFcj4SIFutU&ja=34343526246335302e783d32266e3d39303038703130303c2463663d3332383278333030362671787b3d38783824647272353124333a30382c31323a362e31323a302c333030342e33323a302e3138323c2e313038382c39323a3c24302c322e6f763d3235663533643131363b653462643238396a343660643b383f6038696e3363362e6f6c3d32247363663d3034246e683f68767478732d314127324e253a44397f656c762c6b6d6f25324426706e3d3726726a3d673832326c66693735373131336e366d6a6d38393b3b676034613b39323b3066266a6a3d6063343630393967626462303231613d6e3936323b38363563306638366732362668716f3f4c6b6e7d782e6873603d4e697a676e67702532323134246a736d753d4e696c757a246e6a633f343026666f74723d38267c786c355d54432465637668723f373164353638673662313632386a666c64623a396b3931346e6e6c3466353864333261673364343663646436323b3337366a396e316261363f376a306e6d3a66267235726e75676b6e5f646c63736a27354766636c7b6529726c7767616e577561666c6f7771576f676469635f706e617b657027354766636c7b6529726c7767616e57636c676a655f636b706d62617625354766636c716721726c7767616e5773756b636374616f6d2d3d45666364716721706e75676b6e5d736a6d63697763766d253d4766636c7b652972647d6f696e5d7a67636c706e6179677227354764616e736721786c7d65696c5f7e6c6b5d7864697965702d374766616e736523706e75656b6e5d646776696c7e702537456e6164716d29786c7565616c5d7376655f766b6575657027354766636c7b6529726c7767616e5768697e692535476e636e7365246363663d373036333231&jb=3b35246c733d456f726b6c6e612d324e3726382d32302a5033332533402532324c6b6e777a2530307a383e5f3e362531422d3238707e2d3b41393426322b2532324765616b6d25304432323132303930392732324661726d6467702d32463b3e2c32 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 204
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive

91.235.132.77

200 OK

0 B

URL
res.1wcommon.com/AeTnOIOEjxR5aKsn?4abe39a3289b8190=CvLF27J0EkoIIMJIftvmfGji87ZMCh1hFbqk9GojRffg6Segm8kmMga9yPSx0VptA_BqKY4TUZgCTjf75sffioPdvaH2PL-YzzgrA5vaktdPRSIqsJpcxJWnltZjL_bsgkVMVDpY_-DPJmJKxFcj4SIFutU&jac=1&je=30333626246a6e6e353335246a6e683530696a3a636363383537306432346263313b363560373b6135613c33313235662662667c6c353832313632323337267767693d3b312c39322c34302e33353c26786f3d7b657b2669776c60356466373c603734303a303537636635676036323961636d646b633534373a366d613d3938366334303734323861653966303b373b3436313136303a3339666430266d783b3f6c6e3e3865643f603237383a616636623539646038646267626d653b643563616b636c31313e3c30266770363f30663a65653b6667363737333b623b646a366c613837326e3539306d3f3f3030
IP
91.235.132.77:0
ASN
#30286 THM

Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /AeTnOIOEjxR5aKsn?4abe39a3289b8190=CvLF27J0EkoIIMJIftvmfGji87ZMCh1hFbqk9GojRffg6Segm8kmMga9yPSx0VptA_BqKY4TUZgCTjf75sffioPdvaH2PL-YzzgrA5vaktdPRSIqsJpcxJWnltZjL_bsgkVMVDpY_-DPJmJKxFcj4SIFutU&jac=1&je=30333626246a6e6e353335246a6e683530696a3a636363383537306432346263313b363560373b6135613c33313235662662667c6c353832313632323337267767693d3b312c39322c34302e33353c26786f3d7b657b2669776c60356466373c603734303a303537636635676036323961636d646b633534373a366d613d3938366334303734323861653966303b373b3436313136303a3339666430266d783b3f6c6e3e3865643f603237383a616636623539646038646267626d653b643563616b636c31313e3c30266770363f30663a65653b6667363737333b623b646a366c613837326e3539306d3f3f3030 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=96
Connection: Keep-Alive
Content-Type: text/javascript

res.1wcommon.com/mE2s651G9dMegDhL?42cff4ba1c4602cd=4HFeaFKxT1dxMn4lBgehGk7FuhpIA7iLAh-G3FU5ved-Eek7roFux9xHHHcn6o6qT0q11Qt4F8-5Pd3qJ96YRI8UiAP3YCLddqVVMTryvTNVfrW81w7dAyAmX2X02FWiqQR_QldRPyY07g3UWdOZdztmU_rEdONpYVCBtN2stLahgV1gcyoPfCRiawY05V5i79GONvQ-EL8g3lNqRZ7Ib9dty38&sera_parametere=UxYFAAIFAQBSUl4BBwoNUwxRXFYEVwwDXlNeBQYHUFQBU11RDQAAVwVVCkJDQAkPWxZNEUZECiFDB3pBB3cRVAUMSwBZBFQACERLQQN3EVF3Vh1ScUQLVQ5fSxBDFgciEFF6QAIlHwEPDQ8ABgBSVwZQAAAAVVsABFJbUVZVVldUAw0HBVULXAIAXF0GBgZVBFYeC1oPWgBbBV5cVQZVX1AACF1RUQpRABZSFw0DTFFWVlkHAFEBXFYFWQJSUgVWUVMJUQAAWgBSA1lcVFEAX1ZUXFMHBQlDB1kFVQIEAlMTD1FYGFAfFQ8NAV0JCgxAXQ0FQ1dcfwwUVV4LSBVWEAhfDkNXDkpYKllWEUgVVwQIElwfagJYCQpSWQdbFVESCFcJXQ%3D%3D&count=0&max=0

91.235.132.77

200 OK

61 B

URL
res.1wcommon.com/mE2s651G9dMegDhL?42cff4ba1c4602cd=4HFeaFKxT1dxMn4lBgehGk7FuhpIA7iLAh-G3FU5ved-Eek7roFux9xHHHcn6o6qT0q11Qt4F8-5Pd3qJ96YRI8UiAP3YCLddqVVMTryvTNVfrW81w7dAyAmX2X02FWiqQR_QldRPyY07g3UWdOZdztmU_rEdONpYVCBtN2stLahgV1gcyoPfCRiawY05V5i79GONvQ-EL8g3lNqRZ7Ib9dty38&sera_parametere=UxYFAAIFAQBSUl4BBwoNUwxRXFYEVwwDXlNeBQYHUFQBU11RDQAAVwVVCkJDQAkPWxZNEUZECiFDB3pBB3cRVAUMSwBZBFQACERLQQN3EVF3Vh1ScUQLVQ5fSxBDFgciEFF6QAIlHwEPDQ8ABgBSVwZQAAAAVVsABFJbUVZVVldUAw0HBVULXAIAXF0GBgZVBFYeC1oPWgBbBV5cVQZVX1AACF1RUQpRABZSFw0DTFFWVlkHAFEBXFYFWQJSUgVWUVMJUQAAWgBSA1lcVFEAX1ZUXFMHBQlDB1kFVQIEAlMTD1FYGFAfFQ8NAV0JCgxAXQ0FQ1dcfwwUVV4LSBVWEAhfDkNXDkpYKllWEUgVVwQIElwfagJYCQpSWQdbFVESCFcJXQ%3D%3D&count=0&max=0
IP
91.235.132.77:0
ASN
#30286 THM

Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
61 B (61 bytes)
Hash
d7fc0bbe1e0676a36e0186c03f1fcc6f
40c6af2957cc989998210e1993f0ef0b34de0572
22526685649e1c32efe41802fd96787618bee9fe61873bfe0dbe7f71211e7b84

HTTP Headers

GET /mE2s651G9dMegDhL?42cff4ba1c4602cd=4HFeaFKxT1dxMn4lBgehGk7FuhpIA7iLAh-G3FU5ved-Eek7roFux9xHHHcn6o6qT0q11Qt4F8-5Pd3qJ96YRI8UiAP3YCLddqVVMTryvTNVfrW81w7dAyAmX2X02FWiqQR_QldRPyY07g3UWdOZdztmU_rEdONpYVCBtN2stLahgV1gcyoPfCRiawY05V5i79GONvQ-EL8g3lNqRZ7Ib9dty38&sera_parametere=UxYFAAIFAQBSUl4BBwoNUwxRXFYEVwwDXlNeBQYHUFQBU11RDQAAVwVVCkJDQAkPWxZNEUZECiFDB3pBB3cRVAUMSwBZBFQACERLQQN3EVF3Vh1ScUQLVQ5fSxBDFgciEFF6QAIlHwEPDQ8ABgBSVwZQAAAAVVsABFJbUVZVVldUAw0HBVULXAIAXF0GBgZVBFYeC1oPWgBbBV5cVQZVX1AACF1RUQpRABZSFw0DTFFWVlkHAFEBXFYFWQJSUgVWUVMJUQAAWgBSA1lcVFEAX1ZUXFMHBQlDB1kFVQIEAlMTD1FYGFAfFQ8NAV0JCgxAXQ0FQ1dcfwwUVV4LSBVWEAhfDkNXDkpYKllWEUgVVwQIElwfagJYCQpSWQdbFVESCFcJXQ%3D%3D&count=0&max=0 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://res.1wcommon.com/oxIiiWBRAKsVWQqw?23fbcf3a5b41e323=7tq7zl2n2ByO4XNyhYoDmv7LeWcvtFAKGPA5o6tlT-MwBsmu2QUUYHwkqnp3Cfb_HPicLq5xPSfmIWfJWxJiUEo6yVMbh2OeNksMZh-oV3rMvSNKIrQKWZeal54VSOpghu8xUMh6B9B257vn2PQg0_HJ0p8&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=96
Transfer-Encoding: chunked

v1.bundlecdn.com/img/endorphina.20b721ba6.svg

154.197.121.128

200 OK

5.1 kB

URL
v1.bundlecdn.com/img/endorphina.20b721ba6.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
5.1 kB (5085 bytes)
Hash
4ff7e2f10ae2564fe14fa27e3646b1e6
dbe67f8ceda27dbbd671fb51902eb171c473a0e5
ffc07803b313ce17f163b3e271b909cb732d7a03840b366e3d36b452261c16aa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7131
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a00ba1eeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/ka%20gaming.b92968928.svg

154.197.121.128

200 OK

9.3 kB

URL GET HTTP/2
v1.bundlecdn.com/img/ka%20gaming.b92968928.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
gzip compressed data, from Unix
Size
9.3 kB (9268 bytes)
Hash
aa69ce282719318f75d14d2a59efc380
05c4d604176ba993e0292149fb15061512d849af
d0161e9e6983ce07d97afba138200fff1153baa4eeb8e6ae50ee7c34cc9868ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ka%20gaming.b92968928.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1f20"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a01bb38eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/fJfRREsy0XQXxUo1MO5IOvgrJOenltyBPMmXIq3PmuWPeVI52xPi8H6tHn9bc5gBULVsBFnXLYQWrKhUKIYCJCjN--8XomkmMO4P.jpg@avif

154.197.121.128

200 OK

31 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/fJfRREsy0XQXxUo1MO5IOvgrJOenltyBPMmXIq3PmuWPeVI52xPi8H6tHn9bc5gBULVsBFnXLYQWrKhUKIYCJCjN--8XomkmMO4P.jpg@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
31 kB (31250 bytes)
Hash
1584746e9fe3a273cea1c4c8ab0bf9a3
bde66fb9a5e2342e5882602672da5b03fca78999
c46ebc5dfef0c13facbe70d318c6d5ce9717ea3d7460e79f4ed186c225fd8909

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/fJfRREsy0XQXxUo1MO5IOvgrJOenltyBPMmXIq3PmuWPeVI52xPi8H6tHn9bc5gBULVsBFnXLYQWrKhUKIYCJCjN--8XomkmMO4P.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:45 GMT
content-type: image/avif
content-length: 31250
cache-control: public, max-age=31536000
content-disposition: inline; filename="fJfRREsy0XQXxUo1MO5IOvgrJOenltyBPMmXIq3PmuWPeVI52xPi8H6tHn9bc5gBULVsBFnXLYQWrKhUKIYCJCjN--8XomkmMO4P.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjY2ODY4NzZjLTFmYjI5Ig"
x-request-id: QqkDlciWAtyYbB_nfMKUL
cf-cache-status: HIT
age: 1106870
expires: Fri, 02 Jan 2026 05:07:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a30cfa0eb51-CPH
X-Firefox-Spdy: h2

POST 1wmlv.com/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7

186.2.162.102

204 No Content

0 B

URL POST HTTP/2
1wmlv.com/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 578
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=InYDG1J7UdQ1aOIP; __ddg9_=91.90.42.154; __ddg10_=1735794459; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ2NTQwOCUyQyUyMmxhc3RFdmVudElkJTIyJTNBMyUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ga_548949LWLW=GS1.1.1735794458.1.0.1735794465.53.0.0; _ga=GA1.1.1397201438.1735794459; _gcl_au=1.1.434243715.1735794459
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=gJfZNTYMWzOj9jaZ; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:45 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:45 GMT
__ddg10_=1735794465; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:45 GMT
date: Thu, 02 Jan 2025 05:07:45 GMT
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4cc1v894728184z8894400803za200zb894400803&_p=1735794455929&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1397201438.1735794459&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&sid=1735794458&sct=1&seg=0&dl=https%3A%2F%2F1wmlv.com%2F&dt=1win&en=slider_banner_view&tfd=16513

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4cc1v894728184z8894400803za200zb894400803&_p=1735794455929&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1397201438.1735794459&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&sid=1735794458&sct=1&seg=0&dl=https%3A%2F%2F1wmlv.com%2F&dt=1win&en=slider_banner_view&tfd=16513
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintFA:A6:D6:5C:A6:DC:BE:D1:9A:34:42:70:3B:66:13:21:40:A4:C9:E4
ValidityMon, 02 Dec 2024 08:35:56 GMT - Mon, 24 Feb 2025 08:35:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4cc1v894728184z8894400803za200zb894400803&_p=1735794455929&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1397201438.1735794459&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&sid=1735794458&sct=1&seg=0&dl=https%3A%2F%2F1wmlv.com%2F&dt=1win&en=slider_banner_view&tfd=16513 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmlv.com/
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wmlv.com
date: Thu, 02 Jan 2025 05:07:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/wcc4o3abqZ201f0i0-zoqfGciuvL-f1fSqvFbWYliF2Y-vACZI24ESsGS9jy-cQ3RLDNZoUNlu6HB12Gidf8E4_LR-32LEglw0t5.jpg@avif

154.197.121.128

200 OK

22 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/wcc4o3abqZ201f0i0-zoqfGciuvL-f1fSqvFbWYliF2Y-vACZI24ESsGS9jy-cQ3RLDNZoUNlu6HB12Gidf8E4_LR-32LEglw0t5.jpg@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
22 kB (22015 bytes)
Hash
540858ed9afa656ecc7a3df4bc91a571
35c5f8a0b14c8c161b570f7b3c34f53fea6bb95e
8ecadee37370d187b97bbcedcb03790865b05f9b7a6d25e0664aefe5cb37aff8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/wcc4o3abqZ201f0i0-zoqfGciuvL-f1fSqvFbWYliF2Y-vACZI24ESsGS9jy-cQ3RLDNZoUNlu6HB12Gidf8E4_LR-32LEglw0t5.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:53 GMT
content-type: image/avif
content-length: 22015
cache-control: public, max-age=31536000
content-disposition: inline; filename="wcc4o3abqZ201f0i0-zoqfGciuvL-f1fSqvFbWYliF2Y-vACZI24ESsGS9jy-cQ3RLDNZoUNlu6HB12Gidf8E4_LR-32LEglw0t5.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjY2MTQzNWEwLTJiMDlkIg"
x-request-id: ZXavwKL_AtMkn1IvzNRkS
cf-cache-status: HIT
age: 13789398
expires: Fri, 02 Jan 2026 05:07:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a62fccfeb51-CPH
X-Firefox-Spdy: h2

POST 1wmlv.com/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7

186.2.162.102

204 No Content

0 B

URL POST HTTP/2
1wmlv.com/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 533
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=gJfZNTYMWzOj9jaZ; __ddg9_=91.90.42.154; __ddg10_=1735794465; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ3MzQ0MCUyQyUyMmxhc3RFdmVudElkJTIyJTNBNCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ga_548949LWLW=GS1.1.1735794458.1.0.1735794473.45.0.0; _ga=GA1.1.1397201438.1735794459; _gcl_au=1.1.434243715.1735794459
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=iejotiugmbffld78; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:53 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:53 GMT
__ddg10_=1735794473; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:53 GMT
date: Thu, 02 Jan 2025 05:07:53 GMT
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4cc1v894728184z8894400803za200zb894400803&_p=1735794455929&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1397201438.1735794459&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=4&sid=1735794458&sct=1&seg=0&dl=https%3A%2F%2F1wmlv.com%2F&dt=1win&en=slider_banner_view&tfd=24531

216.239.34.36

204 No Content

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4cc1v894728184z8894400803za200zb894400803&_p=1735794455929&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1397201438.1735794459&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=4&sid=1735794458&sct=1&seg=0&dl=https%3A%2F%2F1wmlv.com%2F&dt=1win&en=slider_banner_view&tfd=24531
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4cc1v894728184z8894400803za200zb894400803&_p=1735794455929&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1397201438.1735794459&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=4&sid=1735794458&sct=1&seg=0&dl=https%3A%2F%2F1wmlv.com%2F&dt=1win&en=slider_banner_view&tfd=24531 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmlv.com/
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wmlv.com
date: Thu, 02 Jan 2025 05:07:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/LYSvmPRXjyH7-HcubyJseWObASwDmaFtD8HcJx10NNuerS99ntgJn8WcgiPaCZRmIRkmP0nHNJAgCL3tCkUrJZWQFpLu9kRW_UD7.jpg@avif

154.197.121.128

200 OK

29 kB

URL
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/LYSvmPRXjyH7-HcubyJseWObASwDmaFtD8HcJx10NNuerS99ntgJn8WcgiPaCZRmIRkmP0nHNJAgCL3tCkUrJZWQFpLu9kRW_UD7.jpg@avif
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
29 kB (28869 bytes)
Hash
10270d08e6a95bd0987434775ee0f6c1
ef0f4fa3143bb541a0b61a7a3d3f01b03e526544
be8e438b82b8d199784337dfacc3534843d4a1c81035e56e27479a93ee6f2423

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/LYSvmPRXjyH7-HcubyJseWObASwDmaFtD8HcJx10NNuerS99ntgJn8WcgiPaCZRmIRkmP0nHNJAgCL3tCkUrJZWQFpLu9kRW_UD7.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:08:01 GMT
content-type: image/avif
content-length: 28869
cache-control: public, max-age=31536000
content-disposition: inline; filename="LYSvmPRXjyH7-HcubyJseWObASwDmaFtD8HcJx10NNuerS99ntgJn8WcgiPaCZRmIRkmP0nHNJAgCL3tCkUrJZWQFpLu9kRW_UD7.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjY3NjQ1YmYzLTFjMjU2Ig"
expires: Fri, 02 Jan 2026 05:08:01 GMT
x-request-id: Awnr4r_8VFip-slCXq3tc
cf-cache-status: HIT
age: 158104
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a94acdceb51-CPH
X-Firefox-Spdy: h2

POST 1wmlv.com/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7

186.2.162.102

204 No Content

0 B

URL POST HTTP/2
1wmlv.com/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 558
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=iejotiugmbffld78; __ddg9_=91.90.42.154; __ddg10_=1735794473; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ4MTM4OCUyQyUyMmxhc3RFdmVudElkJTIyJTNBNSUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ga_548949LWLW=GS1.1.1735794458.1.0.1735794481.37.0.0; _ga=GA1.1.1397201438.1735794459; _gcl_au=1.1.434243715.1735794459
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=cfpqOsJIspJYllsW; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:28:01 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:28:01 GMT
__ddg10_=1735794481; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:28:01 GMT
date: Thu, 02 Jan 2025 05:08:01 GMT
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
X-Firefox-Spdy: h2

res.1wcommon.com/aZiYfDopaZPo9DYP?7dabb4c063676239=yrREofOb9tVCqAJkj08cQJoToeBy6PTrXbi_sgnT8YoYMSZthtE1tMpRkAZTB3Dv0VDS7GaeYULuCCxB3IfW9sK71mIcQGQhve-Ls66aq2_5Ytr7yQiLG7tm1oisfA96fzq9DfjFWLoSwL5Xp3ZgjkVBdxg

91.235.132.77

200 OK

0 B

URL
res.1wcommon.com/aZiYfDopaZPo9DYP?7dabb4c063676239=yrREofOb9tVCqAJkj08cQJoToeBy6PTrXbi_sgnT8YoYMSZthtE1tMpRkAZTB3Dv0VDS7GaeYULuCCxB3IfW9sK71mIcQGQhve-Ls66aq2_5Ytr7yQiLG7tm1oisfA96fzq9DfjFWLoSwL5Xp3ZgjkVBdxg
IP
91.235.132.77:0
ASN
#30286 THM

Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /aZiYfDopaZPo9DYP?7dabb4c063676239=yrREofOb9tVCqAJkj08cQJoToeBy6PTrXbi_sgnT8YoYMSZthtE1tMpRkAZTB3Dv0VDS7GaeYULuCCxB3IfW9sK71mIcQGQhve-Ls66aq2_5Ytr7yQiLG7tm1oisfA96fzq9DfjFWLoSwL5Xp3ZgjkVBdxg HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 8
Origin: https://res.1wcommon.com
DNT: 1
Connection: keep-alive
Referer: https://res.1wcommon.com/JBjT7__2NcB1eqtx?de2b90ac3ce764ef=6xKxYFo15LjpvvhKuIhFK72BgZbIJeh5Cw-LZnmUBcxD0VxPuC99P0jVudrO_HPBBEg59Ezk9XPe09HIr8YTy5Fyhdfc6KTt1uTLfpYCChCu6D1IN2qmUXtURoFSP5zslzZKIoW4sC-q0HBkVdLhtqS-JtB-shXFBVUPjt6rsh2W6VCnuqBheh4BH6AW7gGZFhV8t0obUyu9365vA0xx
Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:08:04 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Access-Control-Allow-Origin: https://res.1wcommon.com
Content-Length: 0
Content-Type: text/javascript

GET v1.bundlecdn.com/img/3%20oaks%20gaming.a6d146d58.svg

154.197.121.128

200 OK

2.7 kB

URL GET HTTP/2
v1.bundlecdn.com/img/3%20oaks%20gaming.a6d146d58.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2722 bytes)
Hash
443b070227be618d0513c134be5b65f2
cea77f63f79f4a2406af9f75e29078e40c69f9e3
99766510c4cf78a018e87ef969b90f738755e653efa66e1b5f2f9e6ab7d41ed8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/3%20oaks%20gaming.a6d146d58.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-aa2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 989
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ff388aeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/netgame.8e28ed366.svg

154.197.121.128

200 OK

2.9 kB

URL GET HTTP/2
v1.bundlecdn.com/img/netgame.8e28ed366.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2917 bytes)
Hash
f7a27f15353cbc6d80464cb321e6f7cd
8e9d03da3c5f00a3a228b545cb8759e837059323
c7829189320f0892562d94639b839e69ab98bc4148e5827a634127bcc2ba9740

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4133
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a023ba6eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/tvbet.fea6d0222.svg

154.197.121.128

200 OK

9.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/tvbet.fea6d0222.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
9.4 kB (9418 bytes)
Hash
daf98e0c0d45cb1db158d09bd07e4959
2c28a0c557fb1cf89267d49d2d5ff2a958f896c9
e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5331
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a030c7feb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/71e7a6e8-e0fb-4775-8133-023bf3bc624c_horizontal.png@avif

154.197.121.128

200 OK

5.2 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/71e7a6e8-e0fb-4775-8133-023bf3bc624c_horizontal.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
5.2 kB (5243 bytes)
Hash
5ed68df56ac80aae9ddf7935bda3910f
ecbea1a8365b6f4c4f99d4febaee2ad99c1eb365
de4f4af6746e22095436ad04e3f887bc91d6a2a1a40f536f8b680a65dab994ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/71e7a6e8-e0fb-4775-8133-023bf3bc624c_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 5243
cache-control: public, max-age=31536000
content-disposition: inline; filename="71e7a6e8-e0fb-4775-8133-023bf3bc624c_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3NTcyNWQzLTIzYWI0Ig"
expires: Fri, 02 Jan 2026 05:07:38 GMT
x-request-id: 4tIjQAku4hsyp_H3aPnI0
cf-cache-status: HIT
age: 1158722
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a050e03eb51-CPH
X-Firefox-Spdy: h2

GET 1wmlv.com/common/banners/allv4?localeId=1&lang=en&tzOffset=0

186.2.162.102

200 OK

20 kB

URL GET HTTP/2
1wmlv.com/common/banners/allv4?localeId=1&lang=en&tzOffset=0
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type

Size
20 kB (20153 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/banners/allv4?localeId=1&lang=en&tzOffset=0 HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Origin: 1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=yHAdNQy17Z8QcCfJ; __ddg9_=91.90.42.154; __ddg10_=1735794455; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJwYWdlQ291bnRlciUyMiUzQTAlN0Q=; 1w_locale=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=FX37RV4dSbXiXnbc; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:35 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:35 GMT
__ddg10_=1735794455; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:35 GMT
date: Thu, 02 Jan 2025 05:07:35 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"65e5-UQviI8R27a4N54WU2HjcbUUgCHQ"
vary: Accept-Encoding, Origin
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/81/c9c8bf1f-d3ea-4d33-b0d3-3eb388900e16_horizontal.svg

186.2.162.102

200 OK

3.0 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/81/c9c8bf1f-d3ea-4d33-b0d3-3eb388900e16_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.0 kB (2973 bytes)
Hash
aaf2a17e1316f5d72867f164d06876ff
dd15e3451be6034b8c7c045a5798b1e3bc615cd2
268b4dffecd813ac899f3a1c7f60709b5dea58bcc2d83ed8308a93e4635e139f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/81/c9c8bf1f-d3ea-4d33-b0d3-3eb388900e16_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=kO2LNcBzj5xdbBrL; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642c73-b9d"
last-modified: Thu, 19 Dec 2024 14:23:47 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/3/d4ef7daf-259b-41db-9c4c-c1bd56bd725d_horizontal.svg

0.0.0.0

0 B

URL GET
1wmlv.com/casino-images/1/categories/3/d4ef7daf-259b-41db-9c4c-c1bd56bd725d_horizontal.svg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wmlv.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/3/d4ef7daf-259b-41db-9c4c-c1bd56bd725d_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

0.0.0.0

0 B

URL GET
imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/wcc4o3abqZ201f0i0-zoqfGciuvL-f1fSqvFbWYliF2Y-vACZI24ESsGS9jy-cQ3RLDNZoUNlu6HB12Gidf8E4_LR-32LEglw0t5.jpg@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_2x/plain/https://static-adm.v1.bundlecdn.com/banner-files/wcc4o3abqZ201f0i0-zoqfGciuvL-f1fSqvFbWYliF2Y-vACZI24ESsGS9jy-cQ3RLDNZoUNlu6HB12Gidf8E4_LR-32LEglw0t5.jpg@png HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET v1.bundlecdn.com/js/28852.1642f4cbc.js

154.197.121.128

200 OK

906 B

URL GET HTTP/2
v1.bundlecdn.com/js/28852.1642f4cbc.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (924), with no line terminators
Size
906 B (906 bytes)
Hash
f97751384d582a6e650b35ebe9d32479
e545afff49a2a354c28392833508fd88ebaa4875
1df0101a9f183c7133c49e126c64e4820760e5ab7d99895d0ee7e6d514810b9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/28852.1642f4cbc.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 22 Aug 2024 12:57:33 GMT
etag: W/"66c735bd-38a"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11462602
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f6f984eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/index.a08d81d4e.js

154.197.121.128

200 OK

271 kB

URL GET HTTP/2
v1.bundlecdn.com/js/index.a08d81d4e.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type

Size
271 kB (270828 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.a08d81d4e.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:34 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-421ec"
expires: Sun, 31 Dec 2034 05:07:34 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 221026
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ee3840eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET cf.1win.direct/v4/socket.io/?Language=en&xorigin=1wmlv.com&EIO=4&transport=websocket

154.197.121.130

101 Switching Protocols

0 B

URL GET HTTP/1.1
cf.1win.direct/v4/socket.io/?Language=en&xorigin=1wmlv.com&EIO=4&transport=websocket
IP
154.197.121.130:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectcf.1win.direct
Fingerprint41:C1:05:59:3A:FC:01:90:2B:82:A6:59:AE:81:08:79:10:5B:7F:BC
ValiditySun, 15 Dec 2024 11:14:18 GMT - Sat, 15 Mar 2025 12:14:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wmlv.com&EIO=4&transport=websocket HTTP/1.1
Host: cf.1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wmlv.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZjTg/FzQ4bSWV6trbNgQjA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Thu, 02 Jan 2025 05:07:35 GMT
Connection: upgrade
Sec-Websocket-Accept: adhjobNQ92JObCQDagrCyvoR1mo=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=210313c5ac86b022; Path=/; HttpOnly
Upgrade: websocket
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8fb839f40b37eb54-CPH

GET v1.bundlecdn.com/img/bookmaker-rating-en.e5dcc84dd.svg

154.197.121.128

200 OK

19 kB

URL GET HTTP/2
v1.bundlecdn.com/img/bookmaker-rating-en.e5dcc84dd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
19 kB (19124 bytes)
Hash
6cc20c3ddeede7970b09582754e1fe3e
343b04db5d2d9bc03ccdbbe914c61b2a41245ba6
11419071480a1e574e8e7d0b7bcbd505c2e3f0506233b781cd4e1e3965e95816

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bookmaker-rating-en.e5dcc84dd.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-4ab4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7132
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fc5e5deb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/19/4e334bfb-a20c-4f94-a07d-88ffd83412bb_horizontal.svg

186.2.162.102

200 OK

2.2 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/19/4e334bfb-a20c-4f94-a07d-88ffd83412bb_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2165 bytes)
Hash
9bf1342ee59bf08d8d7ab51c375e5203
d1317e6e1f7c32cd2a3f3c9e8a176813fede810a
5857f24ae238e2ff60def803966fb107cc7fb9e6bfae01f19510f6c81bace643

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/19/4e334bfb-a20c-4f94-a07d-88ffd83412bb_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=mrPKjtIEx3XZreog; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642cc5-875"
last-modified: Thu, 19 Dec 2024 14:25:09 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/77da3cb8-e43b-4220-9f9a-83e0f763ee17_horizontal.png@avif

154.197.121.128

200 OK

6.3 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/77da3cb8-e43b-4220-9f9a-83e0f763ee17_horizontal.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
6.3 kB (6318 bytes)
Hash
e12b4952410adf38acbaa9b28bf09c65
2101a3be7ec7ed191642bae21505d11893c78e82
afcd034f02b56d945e7b7a982d96d8b386f959c997ed3f89229d98fbf864e16d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/77da3cb8-e43b-4220-9f9a-83e0f763ee17_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 6318
cache-control: public, max-age=31536000
content-disposition: inline; filename="77da3cb8-e43b-4220-9f9a-83e0f763ee17_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3NTg5ZTZhLTI2MDdhIg"
expires: Fri, 02 Jan 2026 05:07:38 GMT
x-request-id: XuA1YstfgRv0_qHPEC5Hz
cf-cache-status: HIT
age: 1926734
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a050e0feb51-CPH
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/0e2d11b9-786d-4e45-8265-542c38fc3575.jpg@avif

154.197.121.128

200 OK

6.1 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/0e2d11b9-786d-4e45-8265-542c38fc3575.jpg@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
6.1 kB (6144 bytes)
Hash
f5ad72218c77c593b711c2995f98d870
ec24391712ae76c2fb0e8b7d6048c1dc8064a978
8474dc900037407d33349d120fb711fe5724399990fa75d02c9a098497f77fca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/0e2d11b9-786d-4e45-8265-542c38fc3575.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 6144
cache-control: public, max-age=31536000
content-disposition: inline; filename="0e2d11b9-786d-4e45-8265-542c38fc3575.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzNjNiNTQ5LTE5MzM1Ig"
x-request-id: ILJwAGAJ2iM6RZvFYkkvX
cf-cache-status: HIT
age: 3310991
expires: Fri, 02 Jan 2026 05:07:38 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a050e14eb51-CPH
X-Firefox-Spdy: h2

GET 1wmlv.com/img/logo/main/1win-ny.png

186.2.162.102

200 OK

10 kB

URL GET HTTP/2
1wmlv.com/img/logo/main/1win-ny.png
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
PNG image data, 400 x 164, 8-bit colormap, non-interlaced
Size
10 kB (10205 bytes)
Hash
ab4c1c667a24d7c5769d383ee332f66d
a401da040a809cb2abb105c58a2922d4b4accb2b
f5c53694509735f2f5ccf557f31fdeb0eea2915c356bc573d88b4debe5ff936c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logo/main/1win-ny.png HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=vnVZEQXufTBQBKkd; __ddg9_=91.90.42.154; __ddg10_=1735794454; __ddg1_=S7wYT78fSAJSkRMkWDxQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=r4uYPukBWlVkMeR8; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:34 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:34 GMT
__ddg10_=1735794454; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:34 GMT
date: Thu, 02 Jan 2025 05:07:34 GMT
content-type: image/png
content-length: 10205
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-27dd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/1x2gaming.6636fe414.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
v1.bundlecdn.com/img/1x2gaming.6636fe414.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2192 bytes)
Hash
237e2c605d143825d1584ac48710ba41
a9ed0c184993c1c286782669b106e837226f4505
f9a8ec7b307c62df6bd4c795a5508f6956d49069fbb208b73499fafd90bd9be0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1x2gaming.6636fe414.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-890"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ff3882eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/gamomat.593230062.svg

154.197.121.128

200 OK

643 B

URL GET HTTP/2
v1.bundlecdn.com/img/gamomat.593230062.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
643 B (643 bytes)
Hash
bfaa3d42e6ab264b9080e74f867e85de
5026f5b14a42af9eaaf3d09468fa27728287cdae
9911098f481a732b6e8ae3ff8ce922ae03f087eba0d8359f1ad1a23b8a71e630

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamomat.593230062.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a015ab1eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/jetx.64787fc5c.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
v1.bundlecdn.com/img/jetx.64787fc5c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (13301 bytes)
Hash
0046061bb77d38094cc0f71b7371d406
1fd7894d0117251f1eeec1a343b85532d7864a05
bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4134
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f759e2eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/yggdrasil.a6bc350dc.svg

154.197.121.128

200 OK

5.8 kB

URL GET HTTP/2
v1.bundlecdn.com/img/yggdrasil.a6bc350dc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
5.8 kB (5783 bytes)
Hash
1156d7b0c16ee989276ab38995b5e316
2efca22c943534eec487d1441efc9c1280c0ce62
05a95300234033b2ad7ffbf88873540ae90bfb3b849dc207666d8deed966d24d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4134
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a031c9feb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/68618.55f66bef0.js

154.197.121.128

200 OK

10 kB

URL GET HTTP/2
v1.bundlecdn.com/js/68618.55f66bef0.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
JavaScript source, ASCII text, with very long lines (10075), with no line terminators
Size
10 kB (10075 bytes)
Hash
39ba557294165ba0ae55f87f1b1723c9
0f1d0d6c350abc907da9bbcc3000b092f23c2f34
a02620e43d94866ee4b3346309015dfa55fdfd4e6ce9c1bbbd284a3aea5cb753

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/68618.55f66bef0.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 30 Nov 2024 21:58:26 GMT
etag: W/"674b8a82-275b"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1116668
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f5f855eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/apparat.ce7d6f1e1.svg

154.197.121.128

200 OK

1.3 kB

URL GET HTTP/2
v1.bundlecdn.com/img/apparat.ce7d6f1e1.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1333 bytes)
Hash
802e5e254de334c1c7a09dd5c24670ac
9a6de9ce9ef912d2ad35bfa38add13e27affda13
d1f210cf24a76f0e44e9d7794b61595b82d411d93f8ca4776f3c12dc889553ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/apparat.ce7d6f1e1.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-535"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ffe98eeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/clawbuster.cbee8c496.svg

154.197.121.128

200 OK

7.2 kB

URL GET HTTP/2
v1.bundlecdn.com/img/clawbuster.cbee8c496.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
7.2 kB (7206 bytes)
Hash
f8416f8dcd3235a004fd0f963f49f23f
39e8475a24786d8628c740c79c5a5b529d4c64b8
dceeb91746ae362ff863dcd34d3ff53bbebe55b9c564dbe9f926a7f53f65c539

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/clawbuster.cbee8c496.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1c26"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 989
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a0079f9eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/play%E2%80%99n%20go.c99175608.svg

154.197.121.128

200 OK

4.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/play%E2%80%99n%20go.c99175608.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
4.4 kB (4359 bytes)
Hash
a330d4714f6b610b6cc5510b9b4b137d
2d7615439196e73ee66785584b7344bc7543199c
94d6a8e4c67e6c06edc392c70b4cd03a898c91074e046e622de8796bf80929ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/play%E2%80%99n%20go.c99175608.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1107"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a025bd4eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/1win-ny.150142cc7-400.png

154.197.121.128

200 OK

8.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/1win-ny.150142cc7-400.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
PNG image data, 400 x 164, 8-bit colormap, non-interlaced
Size
8.4 kB (8444 bytes)
Hash
cdbe10d9014c4a3991baa460087241bc
46a30af3051741cf575a0612a76eeaf6456ec6fc
43f48fd1b2310093db5daf12a3c0396320191f51fb960257cf87877dcb059c8c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1win-ny.150142cc7-400.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/png
content-length: 8444
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9291
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6772bd7f-244b"
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
cf-cache-status: HIT
age: 6534
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f739b6eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/20420.bd469c3d6.js

154.197.121.128

200 OK

573 B

URL GET HTTP/2
v1.bundlecdn.com/js/20420.bd469c3d6.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (591), with no line terminators
Size
573 B (573 bytes)
Hash
41330d1d45db0c752d96abc28dbb0644
3e716caf3e130d706d19fff163b8fda8b91574eb
fbcbcecc2dd56e59b3e7ae495a64eafdbee9d493cd3b86ba0ebe14f75e031dc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/20420.bd469c3d6.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 01 Nov 2024 14:37:27 GMT
etag: W/"6724e7a7-23d"
expires: Sun, 31 Dec 2034 05:07:37 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4147401
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ffd97deb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/pragmatic.362d671f3.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/pragmatic.362d671f3.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2373 bytes)
Hash
2e05d6b6da86a723c3064dbe25a5fb29
3bb2343c1a9e073c8eeafc0352f38851690a6f75
cd6c3f3df8e70ff386e824aacf6b31e6b4d25e7b910281896a2e0fc93e62d3ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pragmatic.362d671f3.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-945"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7131
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a026bf9eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/mrslotty/b1d87db5-df6a-4ef6-9e32-ecd5ae9468b1_horizontal.png@avif

154.197.121.128

200 OK

9.3 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/mrslotty/b1d87db5-df6a-4ef6-9e32-ecd5ae9468b1_horizontal.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
9.3 kB (9310 bytes)
Hash
312779bdacbf5e85538bb8de9b2bc431
70e6fefd19c7d6147e6530e8cf631712257d121b
da42e4739f67542f8a267f9261fc8c2f93becf3486a9c156673d7b9fe341b95a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/mrslotty/b1d87db5-df6a-4ef6-9e32-ecd5ae9468b1_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 9310
cache-control: public, max-age=31536000
content-disposition: inline; filename="b1d87db5-df6a-4ef6-9e32-ecd5ae9468b1_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2ZTgxYTA5LTQxZGEzIg"
x-request-id: qFNhl56676q9S79rX6UDE
cf-cache-status: HIT
age: 2761523
expires: Fri, 02 Jan 2026 05:07:38 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a054e51eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/leap.f4cfad944.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
v1.bundlecdn.com/img/leap.f4cfad944.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2461 bytes)
Hash
9129fc106fce1317a16bb3acbd708de8
64dead6ad9646ce68218ae82cf9d369811d3b88d
993824f1fe4aa4c5c4132998d9b0a11fb719a92494f86e32d015a980473a59af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/leap.f4cfad944.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a01cb51eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/onetouch.b026a50c5.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/onetouch.b026a50c5.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2394 bytes)
Hash
f04cb7d15621db8eda5af2216a4f824f
a0aa7231bfbe4ddc48be81716c3b31ba5c1702ec
de4ec671f76aa1afb93d074c5ea3b64d3d759cf404a142b359be0d9fccedb84e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a024bc5eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/chunk-common.caa57e44a.js

154.197.121.128

200 OK

862 kB

URL GET HTTP/2
v1.bundlecdn.com/js/chunk-common.caa57e44a.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type

Size
862 kB (861914 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-common.caa57e44a.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:34 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-d26da"
expires: Sun, 31 Dec 2034 05:07:34 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 221026
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ee3841eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/88971.fb97cb756.js

154.197.121.128

200 OK

529 B

URL GET HTTP/2
v1.bundlecdn.com/js/88971.fb97cb756.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (547), with no line terminators
Size
529 B (529 bytes)
Hash
747fc30343cbabbbcd8246b2a4598ccc
9bf22fb112b065a447c3dc013d3e513f7814566d
7970a6d096e6162d9b534b3160178c89ea5aa9c041f6adf5294be76148e09780

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/88971.fb97cb756.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 22 Aug 2024 12:57:33 GMT
etag: W/"66c735bd-211"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11462472
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f8ab6feb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/amatic.6a3b0b3c0.svg

154.197.121.128

200 OK

992 B

URL GET HTTP/2
v1.bundlecdn.com/img/amatic.6a3b0b3c0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
992 B (992 bytes)
Hash
d5b13e370f0aba1a1e8eee1af37d1ae5
939bb066584a879312f15c658b7a8436e4db4d15
0be282f2a33a9e10a55c63a05dfffe7c04381910c184afd522d6d7345f9fc2d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/amatic.6a3b0b3c0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-3e0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ff9939eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/64/70e6a05b-06f7-448b-8008-bf93cfa9b008_horizontal.svg

186.2.162.102

200 OK

1.4 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/64/70e6a05b-06f7-448b-8008-bf93cfa9b008_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1377 bytes)
Hash
db747abf9698660961520867f567a92b
7a5f3536cb37364b0c73ce6df4b1e0767c62ad47
ab7389b401b300bf527f9015d890b1cef9e62766332fa229e3c2d510d8c123ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/64/70e6a05b-06f7-448b-8008-bf93cfa9b008_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ixRFT69r3Xxp6sIV; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642a82-561"
last-modified: Thu, 19 Dec 2024 14:15:30 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/amigogaming.552a396d7.svg

154.197.121.128

200 OK

6.6 kB

URL GET HTTP/2
v1.bundlecdn.com/img/amigogaming.552a396d7.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
6.6 kB (6553 bytes)
Hash
0942a059390a1164e6b84dce588ff389
30a35fb388d513a5fbab275eee140fc782535b13
eb2e13f11c61c1ee362494628db755668bd15f993a6918f734f6eea05a020680

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/amigogaming.552a396d7.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1999"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4133
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ffb959eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/betsoft.e2b6126a1.svg

154.197.121.128

200 OK

1.7 kB

URL GET HTTP/2
v1.bundlecdn.com/img/betsoft.e2b6126a1.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1713 bytes)
Hash
b8d41fdbe70dfe25d2a7f36a704842a1
740b5059ab76716fdb9ab4d2460df2e63a55a891
37c185de2dc9853a9e31c5a08ab2c9edec78af3a76dc30afe4237f7d76647e38

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betsoft.e2b6126a1.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-6b1"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 989
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a0019b4eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/retrogames.bb592a878.svg

154.197.121.128

200 OK

7.3 kB

URL GET HTTP/2
v1.bundlecdn.com/img/retrogames.bb592a878.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
7.3 kB (7348 bytes)
Hash
58c68473b3dd3ae2f45e31560e366dbf
577748dead61e9aff6756db3bade90442cde170f
e4305fe1e258b0357e17b29825d8fcf96aa9e60f453118e4a69066eb2c955207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02bc28eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/cyberslots.988fdd12e.svg

154.197.121.128

200 OK

2.3 kB

URL GET HTTP/2
v1.bundlecdn.com/img/cyberslots.988fdd12e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.3 kB (2305 bytes)
Hash
aeeace00abaabb5ae6a47e900873f09b
d6e4385ea3efcfbfba30b6f0a58ea08ec9a11a95
0c1fdd20cf809c07733b67a12eb0f3cdc88a57ebcbb2ba293a717b4b9b3865ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a008a05eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/slotmill.5edc170d2.svg

154.197.121.128

200 OK

14 kB

URL GET HTTP/2
v1.bundlecdn.com/img/slotmill.5edc170d2.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (13831 bytes)
Hash
8c917799ca2bf79cc5b6b3cc223938a2
d6be6cf3afdaf05876894ca0739cf8d4b2e1482c
caff3f3d73139fafd60036d5ef50fe0127ff2ec5dd215cefc79d838789ac1cb4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/slotmill.5edc170d2.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-3607"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02ec52eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/18860.7fa49e9c9.js

154.197.121.128

200 OK

28 kB

URL GET HTTP/2
v1.bundlecdn.com/js/18860.7fa49e9c9.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
JavaScript source, ASCII text, with very long lines (28320), with no line terminators
Size
28 kB (28320 bytes)
Hash
fdde7cbded7bc79fc00eecc5d489f9a6
617d0cfb7e05700d0db744f63c4f18c0693c204d
0f6e3e5c53c730a88de6f874ab17cb1283f0ed8580bb22b57578f4f0d601f700

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/18860.7fa49e9c9.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Dec 2024 12:31:17 GMT
etag: W/"67601d95-6ea0"
expires: Sun, 31 Dec 2034 05:07:35 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1441480
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f10aeceb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/82369.85ff69ced.js

154.197.121.128

200 OK

31 kB

URL GET HTTP/2
v1.bundlecdn.com/js/82369.85ff69ced.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type

Size
31 kB (30617 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/82369.85ff69ced.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 23 Dec 2024 15:19:14 GMT
etag: W/"67697f72-7799"
expires: Sun, 31 Dec 2034 05:07:35 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 826618
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f5d83ceb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/88627.a855d83e5.js

154.197.121.128

200 OK

95 kB

URL GET HTTP/2
v1.bundlecdn.com/js/88627.a855d83e5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
95 kB (94891 bytes)
Hash
3be46d4a6d65c54de2d6b32f7d833fbd
920ac70d59a4a2e9f17d2c1c6bae5f994d177c5a
0df80e683567034f90980270484b932ad5b391c66eb61244f26ef6a6ca3d04b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/88627.a855d83e5.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 03 Oct 2024 10:53:16 GMT
etag: W/"66fe779c-172ab"
expires: Sun, 31 Dec 2034 05:07:35 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 7840542
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f5e84aeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/hacksaw.5f0e80ecd.svg

154.197.121.128

200 OK

841 B

URL GET HTTP/2
v1.bundlecdn.com/img/hacksaw.5f0e80ecd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
841 B (841 bytes)
Hash
3371207f99abc98b9fb8ae8e13877c7c
82efe0611bab5262b245fbc98522a20bb2fc6529
ca3477693ffb8842144691591c6344d96dd368cb41b51aaf5e9e40ece7338831

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a019b13eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/igrosoft.32f208d8a.svg

154.197.121.128

200 OK

10 kB

URL GET HTTP/2
v1.bundlecdn.com/img/igrosoft.32f208d8a.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
10 kB (10093 bytes)
Hash
8dea26a8a5e1aa6dc39d5f83bd627572
c7c8056b2b495aeeb05629c627e1bfadfcba38a1
40b4a432cc8ea5dc7bf1248b13c326f3c43d1e6e47da226c69501a375b3e7bd9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/igrosoft.32f208d8a.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-276d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a01ab18eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/css/chunk-common.5b6fb1b63.css

154.197.121.128

200 OK

92 kB

URL GET HTTP/2
v1.bundlecdn.com/css/chunk-common.5b6fb1b63.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
92 kB (92044 bytes)
Hash
37c33532108d766b4b57159faa7063fa
3cc2cf507a5c7f318779a6da30469540c977d548
1420da7b0345628b2153249887fba99dd0724ddcdef462a58b3c4f606d076d93

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-common.5b6fb1b63.css HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:34 GMT
content-type: text/css
last-modified: Mon, 16 Dec 2024 12:31:17 GMT
etag: W/"67601d95-1678c"
expires: Sun, 31 Dec 2034 05:07:34 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1441552
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ee3843eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/betgames.f9572e26f.svg

154.197.121.128

200 OK

3.1 kB

URL GET HTTP/2
v1.bundlecdn.com/img/betgames.f9572e26f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3051 bytes)
Hash
22c1b0dd1e37b9c443eda963fe76d96e
7cdb9b3ec3c095dd657c2bc18489b00fc8f5f7fd
058002db89099b878d2fceffc78b9bdc47a5c5e990ebab7af3d1a9bac806a4f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betgames.f9572e26f.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-beb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a0009b0eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/platipus.89b7c6a63.svg

154.197.121.128

200 OK

2.1 kB

URL GET HTTP/2
v1.bundlecdn.com/img/platipus.89b7c6a63.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.1 kB (2064 bytes)
Hash
8fa5a8b4c35074405658552e4214cf14
745bad4c9448903212949bb83a85ee6173ff9f95
fa1cf2787099e5780a8e562a655566c98f1cf36c08eadcd158832103595ecf78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/platipus.89b7c6a63.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-810"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a025bd2eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/31310.639eb2a92.js

154.197.121.128

200 OK

528 B

URL GET HTTP/2
v1.bundlecdn.com/js/31310.639eb2a92.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (546), with no line terminators
Size
528 B (528 bytes)
Hash
819ea0d23f76434d7cf7bdad5c0dc71f
06f5a3c6cd80db3f5850633d2f868f55e7e92447
3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/31310.639eb2a92.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 22 Aug 2024 12:57:33 GMT
etag: W/"66c735bd-210"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11461635
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f70994eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/75920.7cbfcde45.js

154.197.121.128

200 OK

1.3 kB

URL GET HTTP/2
v1.bundlecdn.com/js/75920.7cbfcde45.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1404), with no line terminators
Size
1.3 kB (1336 bytes)
Hash
0ef50a41dd1d3fa3f726b46e63fe7449
0de98f84a240fce8d68159f3e3b31ae9efa9d5e4
94c66f07654b2244d77151e3b7baa48a7f59f2ed15c1ca3bcb8a020610b2a34e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/75920.7cbfcde45.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 07 Nov 2024 13:50:37 GMT
etag: W/"672cc5ad-538"
expires: Sun, 31 Dec 2034 05:07:37 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4151001
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fccec5eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/belatra.b7d8c5288.svg

154.197.121.128

200 OK

3.9 kB

URL GET HTTP/2
v1.bundlecdn.com/img/belatra.b7d8c5288.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
3.9 kB (3886 bytes)
Hash
8a1dcc1deb894663f917c430fe2d2f66
077483713d601c2cb5708c6801013b43fe3f58f4
e2ac157aa63a894d11b941907b64817e8ded9341e5a13bf6d6580685c5fd4acf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/belatra.b7d8c5288.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-f2e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a0009adeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/evolution.acb5f3085.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
v1.bundlecdn.com/img/evolution.acb5f3085.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2522 bytes)
Hash
a27852d0f8f77af9c6a274605b932984
415500832c34ac475d87411fa799dead414701b4
c162d16756ed886b03e4195178b00ea6d54baa3e71ce40f0dd46f3ebb3643e39

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/evolution.acb5f3085.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-9da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7131
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a00ba23eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/19196a7f-6f94-4e95-ae64-0ed485341c5a_horizontal.png@avif

154.197.121.128

200 OK

6.3 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/19196a7f-6f94-4e95-ae64-0ed485341c5a_horizontal.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
6.3 kB (6313 bytes)
Hash
18700e049aad5cddb0317379dcd8516a
1fb8845cba57c9b9910908e7904a926f239d3e3e
386c736f568c411ab8de91c55e44664deee004d9c2677be5082ae126f5582e02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/19196a7f-6f94-4e95-ae64-0ed485341c5a_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 6313
cache-control: public, max-age=31536000
content-disposition: inline; filename="19196a7f-6f94-4e95-ae64-0ed485341c5a_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3NTcxNmU4LTI1NzA3Ig"
expires: Fri, 02 Jan 2026 05:07:38 GMT
x-request-id: 1VrsJ4Ore2NVrXHRfR_SP
cf-cache-status: HIT
age: 1158722
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a050e10eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/41543.798d13104.js

154.197.121.128

200 OK

695 B

URL GET HTTP/2
v1.bundlecdn.com/js/41543.798d13104.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (713), with no line terminators
Size
695 B (695 bytes)
Hash
3a416c7a8b544cab2961aa391df25f73
1760b78a71e89b19890fc1e1d457f20fc7931b8f
63858586d9c72226c0522e2b0dbd181ef99b481aebef11049ac603b942c6876b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/41543.798d13104.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 03 Nov 2024 19:20:56 GMT
etag: W/"6727cd18-2b7"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4134833
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f92bcdeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/8726.b096c9add.js

154.197.121.128

200 OK

664 B

URL GET HTTP/2
v1.bundlecdn.com/js/8726.b096c9add.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (682), with no line terminators
Size
664 B (664 bytes)
Hash
2e216c1b879ec285c8c32567174c9af4
e1e1af06fe2299d4a230eb5467395ef6bf3354cc
2e286b2372f85cadaa903f3189b912a18def9e9c561f6b4121af91682164cca2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8726.b096c9add.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 22 Aug 2024 12:57:33 GMT
etag: W/"66c735bd-298"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11461285
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f8ab71eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/16/d77992bd-096a-4fa0-abee-fa748250292e_horizontal.svg

186.2.162.102

200 OK

12 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/16/d77992bd-096a-4fa0-abee-fa748250292e_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
12 kB (11502 bytes)
Hash
8761b08a9144bf9335f76c65ae4373a8
b329554c9489b51202d4cec560a14195f4f68c34
1005ecb62ca58014b911479a3ef25ec30130a7fd5ba83083280ef0ff5e57bd90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/16/d77992bd-096a-4fa0-abee-fa748250292e_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=l0W8D3mBmNOl3T3h; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642bf6-2cee"
last-modified: Thu, 19 Dec 2024 14:21:42 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/gaming%20corps.88eb0eda9.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
v1.bundlecdn.com/img/gaming%20corps.88eb0eda9.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1020 bytes)
Hash
2188103cd518837818d57586c86221e6
77e155473fd0a61a10e69618b51856367acc358c
2e1ea3b39a2af9e3907045cadbc4c95bb7f005a5cbf4edb723e9c9bb70f6ec22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gaming%20corps.88eb0eda9.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-3fc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a014aadeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/softswiss/7202fde4-8d82-4287-aacb-7aa7ebf6dc3a.png@avif

154.197.121.128

200 OK

8.1 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/softswiss/7202fde4-8d82-4287-aacb-7aa7ebf6dc3a.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
8.1 kB (8136 bytes)
Hash
8747f5833068e0d4f078e3216681f5c5
933062a9e482255ca23698066a4e7fa95e6cff76
253ddf8a11a35b47068b6747948accd1f262f5c63ca99185d41aa55ae38c350d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/softswiss/7202fde4-8d82-4287-aacb-7aa7ebf6dc3a.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 8136
cache-control: public, max-age=31536000
content-disposition: inline; filename="7202fde4-8d82-4287-aacb-7aa7ebf6dc3a.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2OTkzMjViLTU1ZjUzIg"
expires: Fri, 02 Jan 2026 05:07:38 GMT
x-request-id: mfJOcnp-wXTvMskeE0W-t
cf-cache-status: HIT
age: 2872087
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a054e4eeb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/spadegaming.8dc1e9a8e.svg

154.197.121.128

200 OK

3.8 kB

URL GET HTTP/2
v1.bundlecdn.com/img/spadegaming.8dc1e9a8e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
3.8 kB (3805 bytes)
Hash
747a1c4577c4f0216b3c2312e11b1950
c38313a9fb030d29f16ed7bbc1dab939a874aff5
e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02ec5eeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/a2252c30-855a-4c92-bd5e-3e49bf2e34bb.png@avif

154.197.121.128

200 OK

8.5 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/a2252c30-855a-4c92-bd5e-3e49bf2e34bb.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
8.5 kB (8496 bytes)
Hash
32f27c0e41de554196c169e49ab72fd9
75e07fce126fac39c3aa140d21ee177966576587
7716ac3e7eeff70009a3014ca990599027fe286e051ae2200b57d6f763189a65

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/a2252c30-855a-4c92-bd5e-3e49bf2e34bb.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 8496
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2252c30-855a-4c92-bd5e-3e49bf2e34bb.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MmMxYjQ4LTRmNzBiIg"
x-request-id: BPsjs3D39rN3AsCQtIVJY
cf-cache-status: HIT
age: 4147401
expires: Fri, 02 Jan 2026 05:07:38 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a051e21eb51-CPH
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/softswiss/64537a1b-dc10-434b-b725-2cbb70c2445d.png@avif

154.197.121.128

200 OK

6.1 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/softswiss/64537a1b-dc10-434b-b725-2cbb70c2445d.png@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
6.1 kB (6122 bytes)
Hash
80a55e241af8d78640f59edebed03283
47ea98426b0cf10544ddc88a2de725b5e78f683a
90228d36e666539b2b9719957b4afc12b734b9a4e150728d805054a175afffe9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/softswiss/64537a1b-dc10-434b-b725-2cbb70c2445d.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 6122
cache-control: public, max-age=31536000
content-disposition: inline; filename="64537a1b-dc10-434b-b725-2cbb70c2445d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0YzM5NDdjLTQ4YWI5Ig"
x-request-id: EhZOsSJOLFkZjNW_U5BS5
cf-cache-status: HIT
age: 4179031
expires: Fri, 02 Jan 2026 05:07:38 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a052e32eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/css/82528.22e1ade34.css

154.197.121.128

200 OK

43 kB

URL GET HTTP/2
v1.bundlecdn.com/css/82528.22e1ade34.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ASCII text, with very long lines (42988)
Size
43 kB (42989 bytes)
Hash
2b192144fc9d504050671bdb365b1cf3
4de7e5cf57e7f710d5638827283954830fcad7a6
8216d84cbdb10d6c81225eac2b75e8d29dd66b0e2f88f44effc92daeeb36d456

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/82528.22e1ade34.css HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:35 GMT
content-type: text/css
last-modified: Wed, 25 Dec 2024 13:36:36 GMT
etag: W/"676c0a64-a7ed"
expires: Sun, 31 Dec 2034 05:07:35 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 659339
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f10afaeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/lucky-jet.f927485da.svg

154.197.121.128

200 OK

4.0 kB

URL GET HTTP/2
v1.bundlecdn.com/img/lucky-jet.f927485da.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
4.0 kB (3981 bytes)
Hash
46387a9ff4a17ec246107df243120bfb
f662dcb3e5629d8b9dcd169f73e31f95309bda40
b3cffaeaa51fa3689ab70d930776d565a90ab7caaaace2f1cac5f67cfc13205f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4134
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f749bfeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/speed-and-cash.dffacd6c5.svg

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
v1.bundlecdn.com/img/speed-and-cash.dffacd6c5.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
24 kB (23479 bytes)
Hash
3c62bcde419e822cfa55d45a05fa112d
77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38
feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4134
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f759dceb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/booming%20games.dcdb710e5.svg

154.197.121.128

200 OK

3.7 kB

URL GET HTTP/2
v1.bundlecdn.com/img/booming%20games.dcdb710e5.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
3.7 kB (3686 bytes)
Hash
abe333b6bd8e5ae5d1fee38eec9a2d51
77b6883040ac9a78ac24d8b17b77ada1c1051401
a38d4b7fd0fce1eb15ae4fb20f46ddfa22e0da8267a3dfcac961777da94312c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/booming%20games.dcdb710e5.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-e66"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a0079f4eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/funky%20games.dcf6a7494.svg

154.197.121.128

200 OK

9.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/funky%20games.dcf6a7494.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
9.4 kB (9402 bytes)
Hash
1f1dc5cfd85561feb3ad7816b8226bbc
e22392a98550aa81658fe6da61abd8a693ed48f2
43e6e370401e4beb2f68cf7a51e75aedca23cfb7a10fcf43364b2ffde7bbbe41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/funky%20games.dcf6a7494.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-24ba"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a010a5ceb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/337/5c5c2a47-1579-4120-9c5f-4d0690b801fb_horizontal.svg

186.2.162.102

200 OK

3.5 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/337/5c5c2a47-1579-4120-9c5f-4d0690b801fb_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.5 kB (3468 bytes)
Hash
ecfeb8fdee176977a891728cf8c5231c
5f96b099c51276809586adee905a5552a072ed76
edb9bfcd9b21ec90dd2c9873aeb6e015b7e1c7faa3718669144ecde35373a48e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/337/5c5c2a47-1579-4120-9c5f-4d0690b801fb_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=JIgsCTMdS2oZ1GH2; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642dd9-d8c"
last-modified: Thu, 19 Dec 2024 14:29:45 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/rogue.f414ab313.svg

154.197.121.128

200 OK

49 kB

URL GET HTTP/2
v1.bundlecdn.com/img/rogue.f414ab313.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
49 kB (49339 bytes)
Hash
a251d6690d6d11138ee3a8ba9631bc8d
36b157866171743619c7e18b3fcd3e33933e7570
d5c608fc964c22e1a3855bc59d0821272f63bf78c69273075f600c481935cc59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rogue.f414ab313.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-c0bb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02bc2deb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/aviator-game-logo.2fb50dc03.svg

154.197.121.128

200 OK

3.1 kB

URL GET HTTP/2
v1.bundlecdn.com/img/aviator-game-logo.2fb50dc03.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3066 bytes)
Hash
ced188fd368f5c8439ebd4398c9c9315
3b04cd5dfecda2e4b27b203dba4a6cef1b7890ea
82811dea95287317cc83610df97a7bc61db4783bd43ef75c8131c497f7868ef6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4134
expires: Thu, 02 Jan 2025 09:07:36 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f759dfeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/tenant/1/categories/334/db813a25-6b11-4acb-ab0a-a5d6df469cb3_horizontal.svg

186.2.162.102

200 OK

3.5 kB

URL GET HTTP/2
1wmlv.com/casino-images/tenant/1/categories/334/db813a25-6b11-4acb-ab0a-a5d6df469cb3_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.5 kB (3468 bytes)
Hash
ecfeb8fdee176977a891728cf8c5231c
5f96b099c51276809586adee905a5552a072ed76
edb9bfcd9b21ec90dd2c9873aeb6e015b7e1c7faa3718669144ecde35373a48e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/tenant/1/categories/334/db813a25-6b11-4acb-ab0a-a5d6df469cb3_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=rwQedzE3PQE1igEg; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67572611-d8c"
last-modified: Mon, 09 Dec 2024 17:17:05 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/raw%20igaming.925b07db7.svg

154.197.121.128

200 OK

123 kB

URL GET HTTP/2
v1.bundlecdn.com/img/raw%20igaming.925b07db7.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
123 kB (123248 bytes)
Hash
855f913621e0962e247d212b96a45ff0
c08b2d101f01ac1d0b421a77f8b10148fcce33f7
82f801170a364ddcc97b6f4cf3389973aa37c7a299b4f73ebeee33608783dffc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/raw%20igaming.925b07db7.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1e170"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a028c0eeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/revolver.4377b394a.svg

154.197.121.128

200 OK

1.7 kB

URL GET HTTP/2
v1.bundlecdn.com/img/revolver.4377b394a.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1650 bytes)
Hash
52dccedd275d7f3e0c1d260c80696345
fe2afbf3ed622bcb48280264d79e96948ce57508
f3ce141b68d042011f1c6928e6b4fabfb1246985faaf6d81d8596f1c97d52716

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/revolver.4377b394a.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-672"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02bc29eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/fazi.19d7f4b72.svg

154.197.121.128

200 OK

645 B

URL GET HTTP/2
v1.bundlecdn.com/img/fazi.19d7f4b72.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
645 B (645 bytes)
Hash
c2948d97afb6d8e1cf8e7b50b62a9272
a1607553e252407e35addae9b48c1cedfeebd048
309347ec479f691cb02b9aaac9c06aea9cbefa075c591a35b0651e8928e64792

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a00fa4ceb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

142.250.74.35

200 OK

560 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type

Size
560 kB (560258 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220882
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Dec 2024 08:42:41 GMT
expires: Wed, 31 Dec 2025 08:42:41 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 159897
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1wmlv.com/firebase/8.1.1/firebase-app.js

186.2.162.102

200 OK

20 kB

URL GET HTTP/2
1wmlv.com/firebase/8.1.1/firebase-app.js
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
JavaScript source, ASCII text, with very long lines (19927)
Size
20 kB (19949 bytes)
Hash
5b9dcee25dd464bbf914b48e05e770c7
3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533
01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=yHAdNQy17Z8QcCfJ; __ddg9_=91.90.42.154; __ddg10_=1735794455; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJwYWdlQ291bnRlciUyMiUzQTAlN0Q=; 1w_locale=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ban0gFBrFjBMrmlG; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:35 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:35 GMT
__ddg10_=1735794455; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:35 GMT
date: Thu, 02 Jan 2025 05:07:35 GMT
content-type: application/javascript
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
vary: Accept-Encoding
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/144/52431518-cd24-4634-aa36-12a4e432da8b_horizontal.svg

186.2.162.102

200 OK

3.5 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/144/52431518-cd24-4634-aa36-12a4e432da8b_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.5 kB (3468 bytes)
Hash
ecfeb8fdee176977a891728cf8c5231c
5f96b099c51276809586adee905a5552a072ed76
edb9bfcd9b21ec90dd2c9873aeb6e015b7e1c7faa3718669144ecde35373a48e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/144/52431518-cd24-4634-aa36-12a4e432da8b_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=yesVXgXIHZqe2cCi; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642caf-d8c"
last-modified: Thu, 19 Dec 2024 14:24:47 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/caleta.67834e596.svg

154.197.121.128

200 OK

1.3 kB

URL GET HTTP/2
v1.bundlecdn.com/img/caleta.67834e596.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1273 bytes)
Hash
34749bb6ed3a49b2d71ce61d40fa176a
a402c4f4b0488ecc061c3c3945fcfc7a5bbc7082
f565edf5906ae939ebf984225eee058e6e52339daae79fc95135adcb75420cda

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/caleta.67834e596.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-4f9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a0079f8eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/relax.1a68769f8.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/relax.1a68769f8.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1407 bytes)
Hash
d29d9c49a3e8be4842246e8b658651b1
71129bcf41f71edffe3fb4db0b4ff2faf37bd536
67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/relax.1a68769f8.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 791
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02ac22eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/328/47a15c5a-e03d-4f12-855c-15a2d3fce741_horizontal.svg

186.2.162.102

200 OK

3.5 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/328/47a15c5a-e03d-4f12-855c-15a2d3fce741_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.5 kB (3468 bytes)
Hash
ecfeb8fdee176977a891728cf8c5231c
5f96b099c51276809586adee905a5552a072ed76
edb9bfcd9b21ec90dd2c9873aeb6e015b7e1c7faa3718669144ecde35373a48e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/328/47a15c5a-e03d-4f12-855c-15a2d3fce741_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=E4Tun1KcryMGOt4a; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642e3f-d8c"
last-modified: Thu, 19 Dec 2024 14:31:27 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/1win%20games.e1a2e735d.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
v1.bundlecdn.com/img/1win%20games.e1a2e735d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2152 bytes)
Hash
9e3ba6f250ab3b732894dafe2871ff25
640342ba70fca1467efb67061fd7f7aede942899
9ac77e0392b25102ec5cf2d2ac6a8f78fecb5b08df6807ec1c29091929f453dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1win%20games.e1a2e735d.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-868"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7131
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fee853eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/1x2%20multiplayer.6636fe414.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
v1.bundlecdn.com/img/1x2%20multiplayer.6636fe414.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2192 bytes)
Hash
237e2c605d143825d1584ac48710ba41
a9ed0c184993c1c286782669b106e837226f4505
f9a8ec7b307c62df6bd4c795a5508f6956d49069fbb208b73499fafd90bd9be0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1x2%20multiplayer.6636fe414.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-890"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ff287beb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/7777%20gaming.728b84431.svg

154.197.121.128

200 OK

552 B

URL GET HTTP/2
v1.bundlecdn.com/img/7777%20gaming.728b84431.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
552 B (552 bytes)
Hash
5f9f4657eab9307326836202222ed0de
7f0c7a88f3eac20efa5770f872fc92ffa9f19ca5
7966f94bad870226a5a17e7da9fb5d671471ff579700d48dc366a2159f625c27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/7777%20gaming.728b84431.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-228"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ff5895eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/apollo%20play.610da8846.svg

154.197.121.128

200 OK

5.5 kB

URL GET HTTP/2
v1.bundlecdn.com/img/apollo%20play.610da8846.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
5.5 kB (5515 bytes)
Hash
50314c7ffb9d11a02d2c58c66e124e29
3ebfb6e02132e3281c64e7866a621fc9ff43678e
c6073fd4fbb0239b24f30fc4d2e90e2d34060adb4854b0b3eb34e5c0e363346d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/apollo%20play.610da8846.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-158b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ffe98beb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/gamzix.7bd980c59.svg

154.197.121.128

200 OK

3.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/gamzix.7bd980c59.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
3.4 kB (3354 bytes)
Hash
9dbec2c3636f9582c11057d1152cc130
3a09a7f0f406aac6e930f3a2fbfb4acd8fdb91f2
d009db380d9bcf8d404b9a83104b72c0c4b2e7a57b0a2ce04dfbafdb1d66e14e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamzix.7bd980c59.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-d1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a015ab3eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/popiplay.87bfe20c1.svg

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
v1.bundlecdn.com/img/popiplay.87bfe20c1.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1246 bytes)
Hash
cb4524a20a93cd74f3394390965d4cdf
a885696e8241a350ce630bc114241096a3bf8895
cdf40f6a08b51400d2bd645358060b6cc4508565bb42c5b515969f4174c0b8b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/popiplay.87bfe20c1.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-4de"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 989
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a026bf7eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/spinmatic.f74cf69af.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
v1.bundlecdn.com/img/spinmatic.f74cf69af.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2157 bytes)
Hash
12c6733c47b71d93b36447dcb999d080
f6440015ef35215d9009b4f08340145df1f7d9e1
fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a02fc61eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2

154.197.121.128

200 OK

17 kB

URL GET HTTP/2
v1.bundlecdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16852, version 1.0
Size
17 kB (16852 bytes)
Hash
c4f31a30bdf4dbced79fb75fc03111cf
14765799051deb933539e19f1ffa26198cabd4c1
cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wmlv.com
DNT: 1
Connection: keep-alive
Referer: https://v1.bundlecdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: "6772bd7f-41d4"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f95e8210c1-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
v1.bundlecdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1023 bytes)
Hash
923ec09a017c369d475682b8b60fe652
f2a4cf5f06644b65bb3df522652a41a2b09c2aa9
7dd1302808a915df5f6af1480cd4fc562a8ad77550aa3ec0a32d5663d8d6afc6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fcbeb2eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c&gtm=45He4cc1v894400803za200

142.250.74.168

200 OK

294 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c&gtm=45He4cc1v894400803za200
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintFA:A6:D6:5C:A6:DC:BE:D1:9A:34:42:70:3B:66:13:21:40:A4:C9:E4
ValidityMon, 02 Dec 2024 08:35:56 GMT - Mon, 24 Feb 2025 08:35:55 GMT

File type
JavaScript source, ASCII text, with very long lines (3969)
Size
294 kB (294388 bytes)
Hash
3f6574b7afbf3e2f0a5b5db711be1498
28fe4859f3e72610b4f2026e8ddab37cd64d9e5c
d74dba0f8d71afb37b842031fa0985d8b81ddd7a761851697e8fb2840476fd50

HTTP Headers

GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c&gtm=45He4cc1v894400803za200 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 Jan 2025 05:07:37 GMT
expires: Thu, 02 Jan 2025 05:07:37 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 Jan 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 101161
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/softswiss/7da0e06e-3d0a-42bd-b4ff-fe0ce987a8fd.jpg@avif

154.197.121.128

200 OK

9.4 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/softswiss/7da0e06e-3d0a-42bd-b4ff-fe0ce987a8fd.jpg@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
9.4 kB (9360 bytes)
Hash
c993ef10710bf11cd2e479bf49beebf6
b414ec4464c234df9248ca12ebbc5286f44c3bf4
2966852eb7c2c8523ce3c5bb3e9dbb10c881a4bc6f8daa1ab0f0fbc63d740aea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/softswiss/7da0e06e-3d0a-42bd-b4ff-fe0ce987a8fd.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 9360
cache-control: public, max-age=31536000
content-disposition: inline; filename="7da0e06e-3d0a-42bd-b4ff-fe0ce987a8fd.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ODgyOWM3LTI0YmQ1Ig"
x-request-id: 1-vk2MVdkztD-r4aZjQdr
cf-cache-status: HIT
age: 3432399
expires: Fri, 02 Jan 2026 05:07:38 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a054e50eb51-CPH
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/winfinity.84ed6fd84.svg

154.197.121.128

200 OK

1.7 kB

URL GET HTTP/2
v1.bundlecdn.com/img/winfinity.84ed6fd84.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1683 bytes)
Hash
12d8887e88ea640078d4c6434ccb65ef
1addb80aed1975e140df3e8abf3b7dc22b689b27
67012288d0973711965a30b1dd60d59c090b3646c26d6a874aba595532786fab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/winfinity.84ed6fd84.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4134
expires: Thu, 02 Jan 2025 09:07:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a031c93eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/62825.f936628cb.js

154.197.121.128

200 OK

736 B

URL GET HTTP/2
v1.bundlecdn.com/js/62825.f936628cb.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (768), with no line terminators
Size
736 B (736 bytes)
Hash
a56324a88fee02690b8a3ed35e889018
18e9af315ba78b3b7f467894aa838ef2eefee254
dd0ed1a086018d01466171d96d3c7d99fe4a0d88e8d965bd2d08f31dfa541202

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62825.f936628cb.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 22 Aug 2024 12:57:33 GMT
etag: W/"66c735bd-2e0"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11462602
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f93bd7eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/310/09a8264f-3e76-40df-ae40-8b4cd517211f_horizontal.svg

186.2.162.102

200 OK

3.5 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/310/09a8264f-3e76-40df-ae40-8b4cd517211f_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.5 kB (3468 bytes)
Hash
ecfeb8fdee176977a891728cf8c5231c
5f96b099c51276809586adee905a5552a072ed76
edb9bfcd9b21ec90dd2c9873aeb6e015b7e1c7faa3718669144ecde35373a48e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/310/09a8264f-3e76-40df-ae40-8b4cd517211f_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=OIARisLhE5NSMG7Y; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642df9-d8c"
last-modified: Thu, 19 Dec 2024 14:30:17 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/210003/b59412e5-121e-4c27-bcd8-4cfb14631ebd_horizontal.svg

186.2.162.102

200 OK

3.5 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/210003/b59412e5-121e-4c27-bcd8-4cfb14631ebd_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.5 kB (3468 bytes)
Hash
ecfeb8fdee176977a891728cf8c5231c
5f96b099c51276809586adee905a5552a072ed76
edb9bfcd9b21ec90dd2c9873aeb6e015b7e1c7faa3718669144ecde35373a48e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/210003/b59412e5-121e-4c27-bcd8-4cfb14631ebd_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=qXX4YagW0Tz4BW7E; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"676e9ef4-d8c"
last-modified: Fri, 27 Dec 2024 12:35:00 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/b48334cd-6d24-4c89-80e3-95a53d3787d3.jpg@avif

154.197.121.128

200 OK

7.4 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/b48334cd-6d24-4c89-80e3-95a53d3787d3.jpg@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
7.4 kB (7394 bytes)
Hash
7972648ef655e64fddc1c3a70647a6b9
5d867e43697c855c5273ed22a9f8eecb0229ad5b
922346f30861acd3e091a3a55fbb4e3944c20f6de158eaa64af434cac6e6719d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/b48334cd-6d24-4c89-80e3-95a53d3787d3.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 7394
cache-control: public, max-age=31536000
content-disposition: inline; filename="b48334cd-6d24-4c89-80e3-95a53d3787d3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MmMxY2M0LTEyMDFiIg"
expires: Fri, 02 Jan 2026 05:07:38 GMT
x-request-id: uh59Iv8zeMICa4vbj9aNQ
cf-cache-status: HIT
age: 1204653
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a050e05eb51-CPH
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/261/d536e677-8baa-44b2-a738-414bb69dbe87_horizontal.svg

186.2.162.102

200 OK

3.5 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/261/d536e677-8baa-44b2-a738-414bb69dbe87_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.5 kB (3468 bytes)
Hash
ecfeb8fdee176977a891728cf8c5231c
5f96b099c51276809586adee905a5552a072ed76
edb9bfcd9b21ec90dd2c9873aeb6e015b7e1c7faa3718669144ecde35373a48e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/261/d536e677-8baa-44b2-a738-414bb69dbe87_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=n4AQIX9Q9YRifKqO; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642e59-d8c"
last-modified: Thu, 19 Dec 2024 14:31:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/1c6a1308-f428-4ef9-b294-cb45e9fc97d1.jpg@avif

154.197.121.128

200 OK

8.3 kB

URL GET HTTP/2
imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/1c6a1308-f428-4ef9-b294-cb45e9fc97d1.jpg@avif
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
ISO Media, AVIF Image
Size
8.3 kB (8306 bytes)
Hash
d7d1213525ac2a3a82386dc125b769fd
ce74cc66132e55218e8e108d3964acfc0587b9e9
3abafaf2afccb5c5b642a62ea7304f9249b9b3270a882d1d9f642bf8d6435865

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/1c6a1308-f428-4ef9-b294-cb45e9fc97d1.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:38 GMT
content-type: image/avif
content-length: 8306
cache-control: public, max-age=31536000
content-disposition: inline; filename="1c6a1308-f428-4ef9-b294-cb45e9fc97d1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZjliZjlmLTI0NWJmIg"
x-request-id: AatOKbb2Y9A6bBi1H-w7Z
cf-cache-status: HIT
age: 5345272
expires: Fri, 02 Jan 2026 05:07:38 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a053e3aeb51-CPH
X-Firefox-Spdy: h2

GET 1wmlv.com/threatmetrix/v5/fp-clientlib-v5.js

186.2.162.102

200 OK

3.7 kB

URL GET HTTP/2
1wmlv.com/threatmetrix/v5/fp-clientlib-v5.js
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
JavaScript source, ASCII text, with very long lines (3833), with no line terminators
Size
3.7 kB (3706 bytes)
Hash
0b5b1808079a097c1bb33b6103158768
a53f6ad44f10c12845675f53d54b8a8ece9a0b42
e510addc8ab953586f3df4fc55d8e1ffb3a05eacbbd12004b3998d9cdd4ac33d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /threatmetrix/v5/fp-clientlib-v5.js HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=yHAdNQy17Z8QcCfJ; __ddg9_=91.90.42.154; __ddg10_=1735794455; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJwYWdlQ291bnRlciUyMiUzQTAlN0Q=; 1w_locale=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=18JaHVRmlPVyKIqK; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:35 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:35 GMT
__ddg10_=1735794455; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:35 GMT
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-e7a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
vary: Accept-Encoding
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/wta.c6d5e2ef3.svg

154.197.121.128

200 OK

3.3 kB

URL GET HTTP/2
v1.bundlecdn.com/img/wta.c6d5e2ef3.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
3.3 kB (3332 bytes)
Hash
040d7f0a9e965031fe2520530582a5d3
015a448fc7cbd8ca0b74360915ee71513921dbc1
fac8ba2fc8936b7a7f9faf5e0f94031ec8ad096c8094f026fc5fb67d5b2bff59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/wta.c6d5e2ef3.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-d04"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5330
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839fc4e4feb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET 1wmlv.com/casino-images/1/categories/10/4cd82f8d-1339-49b5-9cef-84f7fe33d272_horizontal.svg

186.2.162.102

200 OK

5.1 kB

URL GET HTTP/2
1wmlv.com/casino-images/1/categories/10/4cd82f8d-1339-49b5-9cef-84f7fe33d272_horizontal.svg
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wmlv.com/
Certificate
IssuerLet's Encrypt
Subject1wmlv.com
FingerprintEF:49:35:7B:A5:9A:4D:4E:9E:69:55:98:AA:26:D9:8A:26:BE:2F:82
ValidityFri, 20 Dec 2024 13:28:44 GMT - Thu, 20 Mar 2025 13:28:43 GMT

File type
SVG Scalable Vector Graphics image
Size
5.1 kB (5126 bytes)
Hash
a16b5e1a3a9c38a4eff72812cadc2315
078178e38d8f037fbf0c9f21c1d3635197091ace
e3331edc7a7d4ffbe23d13779b64622bec586ed281d42e7e36a565a5f6088714

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casino-images/1/categories/10/4cd82f8d-1339-49b5-9cef-84f7fe33d272_horizontal.svg HTTP/1.1
Host: 1wmlv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Cookie: __ddg8_=fwbJYTirxqYpoIuw; __ddg9_=91.90.42.154; __ddg10_=1735794456; __ddg1_=S7wYT78fSAJSkRMkWDxQ; visit_domain=1wmlv.com; 1w_lang=en; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxMjA2YTgxMi0zOTQ5LTRhMTAtYThhNS04ZTMzZDMxODhkMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzM1Nzk0NDU1NDc0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTczNTc5NDQ1NTk0MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=0ZwR5qMj1LMMmwxN; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg9_=91.90.42.154; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
__ddg10_=1735794457; Domain=.1wmlv.com; Path=/; Expires=Thu, 02-Jan-2025 05:27:37 GMT
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"67642d35-1406"
last-modified: Thu, 19 Dec 2024 14:27:01 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-status: HIT
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/1spin4win.bb21057a4.svg

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
v1.bundlecdn.com/img/1spin4win.bb21057a4.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1242 bytes)
Hash
c7e582dcd4acb7d74e4065abbe28183e
d04183d1e1dc6665f54a667c7977b6c6a3672791
671ef5f707012d29c043164d157ca7028d371107dca629046657198f1f0173c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1spin4win.bb21057a4.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-4da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ff186deb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/evoplay.ea6a25e14.svg

154.197.121.128

200 OK

346 B

URL GET HTTP/2
v1.bundlecdn.com/img/evoplay.ea6a25e14.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
346 B (346 bytes)
Hash
8262d06d45fecc269a1f8efafabbd602
1d7fd86fc93adb062d3fb9934edb66ced5ee8487
3b0becd497d9d2c1cdba10b4d5e4c6056a04fc552aac15119db812fe2dbb2172

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/evoplay.ea6a25e14.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-15a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5330
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a00ba24eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/ezugi.a9c66babd.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
v1.bundlecdn.com/img/ezugi.a9c66babd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1439 bytes)
Hash
329b99ccd51d8cd3e1a5c8a1b83a84eb
ad907259ddfcffb089829ad24a4411ff1cd4b1c0
96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 989
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a00da34eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/35967.7afed69d8.js

154.197.121.128

200 OK

958 B

URL GET HTTP/2
v1.bundlecdn.com/js/35967.7afed69d8.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (986), with no line terminators
Size
958 B (958 bytes)
Hash
f101f5dc77f24d2d3912e2c93bc1edc4
49f1e57d6778aad6b5a46d2cfb37ca3211dc6374
ca67bce590a2a7f3283eb1c50196d936b87658532ef3ac5485ba1459ad1577f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/35967.7afed69d8.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 13 Dec 2024 15:34:55 GMT
etag: W/"675c541f-3be"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 789962
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f8ab72eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/js/icons-pack-payment-full.a276033bc.js

154.197.121.128

200 OK

142 kB

URL GET HTTP/2
v1.bundlecdn.com/js/icons-pack-payment-full.a276033bc.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
142 kB (141821 bytes)
Hash
86d09ae15753ec08cf050441a41ad602
05c72de729150385f071def5232f416422cc3f57
7598ea9b0f69a9d971822d733e343dc84d3ad5216c26a491a68315fc81235f3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-payment-full.a276033bc.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:36 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 03 Nov 2024 19:20:56 GMT
etag: W/"6727cd18-229fd"
expires: Sun, 31 Dec 2034 05:07:36 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 3035293
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839f93bd8eb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET res.1wcommon.com/bs7qqzjeeal6kblg.js?pl8k35lffzuhuc3d=3fb27s7b&sfrl0mtkdj3c2sba=7db5258a-2e20-4978-9eeb-cc5e24ac034c

91.235.132.77

200 OK

99 kB

URL GET HTTP/1.1
res.1wcommon.com/bs7qqzjeeal6kblg.js?pl8k35lffzuhuc3d=3fb27s7b&sfrl0mtkdj3c2sba=7db5258a-2e20-4978-9eeb-cc5e24ac034c
IP
91.235.132.77:443
ASN
#30286 THM

Requested by
https://1wmlv.com/
Certificate
IssuerSectigo Limited
Subjectres.1wcommon.com
FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15506)
Size
99 kB (98826 bytes)
Hash
528e6f4b4fe7d00d52f1f2488a8ae962
6c889cdd8f635cdb2f2d18ec52be3cc744b64489
bafca11845149efb8d27c90b3bf72e6b5d556d1e50f7b47c5beb286271188cd1

HTTP Headers

GET /bs7qqzjeeal6kblg.js?pl8k35lffzuhuc3d=3fb27s7b&sfrl0mtkdj3c2sba=7db5258a-2e20-4978-9eeb-cc5e24ac034c HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Jan 2025 05:07:37 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Robots-Tag: noindex, nofollow
P3P: CP=IVAa PSAa
Set-Cookie: thx_guid=8729e46aa671ab94df8e96dfa2d5e1c1; Max-Age=155520000; Version=1; HttpOnly; Path=/; Secure; SameSite=None;
tmx_guid=AAw4t_FmaJEfT5hn1rLAVqgau2x66GZl3thIvkEfEzRorL6ayUFPAzUTAeaSJmT72sL_QyHHRn1j2tYzPd3t3vLk4a2fOg; Max-Age=155520000; Version=1; HttpOnly; Path=/; Secure; SameSite=None;
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

GET v1.bundlecdn.com/img/4theplayer.f89265cdd.svg

154.197.121.128

200 OK

4.2 kB

URL GET HTTP/2
v1.bundlecdn.com/img/4theplayer.f89265cdd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
4.2 kB (4199 bytes)
Hash
5cb7cf2507e642be8dd905487dc5ab67
68ad93bac5948542dade50964d8384eb9bff3573
f5bc2b7e50f7ecad4b80ce6102973c2cba12fdbd502b64505788c6f82ba08b66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 790
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb839ff388beb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET v1.bundlecdn.com/img/bgaming.ae3573ff9.svg

154.197.121.128

200 OK

4.0 kB

URL GET HTTP/2
v1.bundlecdn.com/img/bgaming.ae3573ff9.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wmlv.com/
Certificate
IssuerGoogle Trust Services
Subjectv1.bundlecdn.com
Fingerprint53:05:59:66:F1:28:B3:CD:1E:68:05:63:41:91:24:8B:BC:30:E4:56
ValidityWed, 20 Nov 2024 00:56:50 GMT - Tue, 18 Feb 2025 00:56:49 GMT

File type
SVG Scalable Vector Graphics image
Size
4.0 kB (3997 bytes)
Hash
f2081caf12b5dad178e766a8bd906e19
5ffdd19030dd7868b979fa8c19243e62b70eabb8
ac0b648f44a2ab64ba3f4e7517ebbe6ba9ff28082268f67b9afebc0d8d38e884

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bgaming.ae3573ff9.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wmlv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 Jan 2025 05:07:37 GMT
content-type: image/svg+xml
last-modified: Mon, 30 Dec 2024 15:34:23 GMT
etag: W/"6772bd7f-f9d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7131
expires: Thu, 02 Jan 2025 09:07:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fb83a0059dbeb51-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (90)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash