Report - 1wrcnz.top/

Report Overview

Submitted URL
1wrcnz.top/
IP
190.115.24.78
ASN
#262254 DDOS-GUARD CORP.
Submitted
2023-02-23 07:30:47
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
12688802.fls.doubleclick.net	unknown	2023-01-13T19:52:23Z	2023-03-12T18:21:56Z	620 B	1.0 kB	142.250.74.70
vc.hotjar.io	2334	2019-04-16T12:33:25Z	2023-03-13T05:49:45Z	412 B	368 B	54.230.111.91
ps250.1win-service.com	unknown	2020-02-06T00:26:52Z	2023-03-12T18:22:01Z	647 B	677 B	172.67.209.1
static.hotjar.com	641	2014-11-01T06:14:27Z	2023-03-13T05:12:51Z	372 B	632 B	54.230.111.66
detectportal.firefox.com	1601	2018-08-30T11:52:03Z	2023-03-13T05:09:11Z	606 B	428 B	34.107.221.82
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.7 kB	9.8 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	7.6 kB	214 kB	35.241.9.150
ocsp.comodoca.com	1696	2012-05-21T09:01:17Z	2023-03-13T06:44:20Z	682 B	2.0 kB	104.18.32.68
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	628 B	441 B	216.239.34.36
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.81.108.147
imgproxy.1win-cdn.com	unknown	2022-12-22T23:56:11Z	2023-03-12T18:21:57Z	980 B	14 kB	104.26.5.11
getpocket.cdn.mozilla.net	1369	2018-08-28T15:15:36Z	2023-03-13T08:02:38Z	435 B	48 kB	34.120.5.221
adservice.google.com	76	2021-02-20T17:10:48Z	2023-03-13T08:49:52Z	1.3 kB	1.6 kB	142.250.74.66
api.lab.amplitude.com	13117	2020-10-31T14:21:39Z	2023-03-13T07:51:05Z	1.1 kB	1.1 kB	151.101.194.132
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	5.9 kB	12 kB	142.250.74.131
api.amplitude.com	1242	2019-01-27T16:02:28Z	2023-03-13T08:38:49Z	1.5 kB	883 B	35.83.236.67
firefox-settings-attachments.cdn.mozilla.net	11509	2019-11-30T10:32:57Z	2023-03-13T08:38:30Z	412 B	808 kB	34.111.73.144
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	376 B	60 kB	142.250.74.40
adservice.google.no	96969	2018-06-20T01:38:38Z	2023-03-13T05:09:46Z	1.3 kB	1.4 kB	216.58.211.2
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	49 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	840 B	12 kB	34.160.144.191
1win-cdn.com	unknown	2022-12-12T13:37:00Z	2023-03-12T18:21:55Z	19 kB	3.0 MB	104.26.5.11
shavar.services.mozilla.com	3602	2015-09-28T08:30:01Z	2023-03-13T05:09:14Z	453 B	204 B	54.68.195.169
mc.yandex.ru	2672	2012-05-21T11:38:30Z	2023-03-13T08:16:45Z	2.1 kB	78 kB	77.88.21.119
1win.direct	unknown	2022-08-16T12:27:23Z	2023-03-12T18:21:56Z	7.8 kB	160 kB	134.122.54.186
1wrcnz.top	unknown	2023-01-26T06:45:26Z	2023-01-26T06:45:26Z	6.7 kB	48 kB	190.115.24.78
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	341 B	737 B	93.184.220.29
12572451.fls.doubleclick.net	unknown	2022-11-11T19:14:49Z	2023-03-12T18:21:56Z	661 B	1.1 kB	142.250.74.70
script.hotjar.com	887	2020-11-05T17:23:46Z	2023-03-13T07:54:54Z	379 B	69 kB	54.230.111.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-23 07:30:34	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-02-23 07:30:34	medium	Client IP	190.115.24.78	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (36)

	URL	Size	First Seen	Last Seen
	1win-cdn.com/js/icons-pack-payment-full.6272cc58.js	112 kB	2023-03-10	2023-03-26
Pretty URL 1win-cdn.com/js/icons-pack-payment-full.6272cc58.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2023-03-26 01:15:31 Times Seen14 Hash 79592a37316fe6c7dedac02b5dd8dcce ceed95bc72fec207bae49b0e729610f870609aa2 b2a5caafafc6106754cf5aafe561b67452393863271c18a6d290b6a78691cd70 Loading...

	1wrcnz.top/firebase/8.1.1/firebase-app.js	20 kB	2023-03-07	2024-04-24
Pretty URL 1wrcnz.top/firebase/8.1.1/firebase-app.js IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-04-24 05:48:14 Times Seen2005 Hash 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce Loading...

	1win-cdn.com/js/1883.ce7803cd.js	14 kB	2023-03-10	2023-05-22
Pretty URL 1win-cdn.com/js/1883.ce7803cd.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2023-05-22 05:26:55 Times Seen17 Hash 38b12b277f1600c4e88856dd4ab28a3e 2994459d915ecd775eaa604932ce0d7055869bd3 952fc95c0b994becce7780ba0dfa5f7b8038ca1b56357258bd5bd73dbb2f554c Loading...

	1win-cdn.com/js/1895.ba9c11b9.js	61 kB	2023-03-14	2023-03-14
Pretty URL 1win-cdn.com/js/1895.ba9c11b9.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 05:41:05 Last Seen2023-03-14 14:07:00 Times Seen1 Hash 4a0e46abb3de81b6e2ec8c59b0572c8a 2cebcc762851e23d9962069184b2c940b4779fe9 a67fc602f206a5ab38109cc26f657e6925c6dab11fc54cdb2fa0eb1017ddaec2 Loading...

	1wrcnz.top/	134 B	2023-03-10	2023-03-14
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:11 Last Seen2023-03-14 14:07:01 Times Seen1 Hash 80f25644975373cac275420fc4b3ad9a 2730a10f3bd73235edbdc82c3ca6cf664a4759e6 a2e54533eac7301fbd6290c0fa7295f409fbc7ad60e565037c0a5fd678e2a2a8 Loading...

	static.hotjar.com/c/hotjar-2606090.js?sv=6	8.7 kB	2023-03-14	2023-03-14
Pretty URL static.hotjar.com/c/hotjar-2606090.js?sv=6 IP 54.230.111.66 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 08:39:33 Last Seen2023-03-14 08:39:33 Times Seen1 Hash 853b8e050a3948a6422c02bd57be067c 47b7ad301538c01a18e9a05c504b87416884de6b 3311d0d0daf63fb5ba5205f1c26767b852507811f9c97314991c04400dbf43c4 Loading...

	1win-cdn.com/js/icons-pack-home.e8bf03cf.js	80 kB	2023-03-10	2023-03-14
Pretty URL 1win-cdn.com/js/icons-pack-home.e8bf03cf.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2023-03-14 13:15:45 Times Seen1 Hash 4dd84f95c8841d82efcf28f58fd85c8e 14fe97ad3903f499cab0a0f6d0c63d75aa4e5d93 cacca2b863dcb76d949a2e54a420eccf16ded163af4642ae53cf5ac0246cca2e Loading...

	1win-cdn.com/js/icons-pack-sports-promotion.9bb32256.js	19 kB	2023-03-10	2023-04-21
Pretty URL 1win-cdn.com/js/icons-pack-sports-promotion.9bb32256.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2023-04-21 08:49:14 Times Seen15 Hash 6166adedf79bacef7ec98ef3aad49636 41dcee05f8d9b2e7bac94367377f3e6f61dda5e4 96c3140721009b7d978d196bd49612ff55347b43d8dab50294ccc5568319e5e2 Loading...

	1win-cdn.com/js/icons-pack-social.11d06b0b.js	20 kB	2023-03-10	2023-03-26
Pretty URL 1win-cdn.com/js/icons-pack-social.11d06b0b.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2023-03-26 01:15:31 Times Seen15 Hash 14b901812cc8444746d502be158f07eb 6b37c08533f721b15b3ad79feae2748c4da30806 f6fe04cc8e91f587fb45ad4a1f2329e9f2d50ef2ec0bf39050fe3e45769ab297 Loading...

	1wrcnz.top/	341 B	2023-03-14	2023-03-14
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:51:58 Last Seen2023-03-14 10:58:17 Times Seen1 Hash f842c1775544948485b95fa93934c715 dc64c7ae49643452192b4e3fe428d70b3165b793 ccb6b228c864a9e00ce684cf852b3daf4dd4cfab45ef3c12265be7da1e3dd1e3 Loading...

	1wrcnz.top/	32 B	2023-03-14	2023-03-14
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:51:58 Last Seen2023-03-14 10:58:17 Times Seen1 Hash afedfe2054692020d581e1aa0cab5bf9 ac330134656a6b73edd427170933e93a44d95c80 f715c6602c2be29e40630c278f7f93de92fd183bf85fcc9915d722414b6976b4 Loading...

	1wrcnz.top/	1.5 kB	2023-03-14	2023-05-02
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:51:58 Last Seen2023-05-02 06:58:29 Times Seen125 Hash 19d4d5a4b384b96be604bdde5a505030 b5b5d4c0c9b9d5e41bb58705a7a070cee88bfdbb 998cda4d03f20dd4d3d792ad5da89f0c22bd9625d6256e620c94a04b01c99893 Loading...

	1win-cdn.com/js/desktop.aa1ef28f.js	120 kB	2023-03-14	2023-03-14
Pretty URL 1win-cdn.com/js/desktop.aa1ef28f.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:07:27 Last Seen2023-03-14 14:07:00 Times Seen1 Hash aa1c3683e7c8acc3bad31cc9dbde87de c3b6a906929a7e28821bf66c4d044cf617703112 d3cdce82dedd4dae46eddef3c192a1bc0bbcd4635b23bf41e32b009b1339e651 Loading...

	1wrcnz.top/	184 B	2023-03-14	2023-04-05
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:07:26 Last Seen2023-04-05 01:42:11 Times Seen90 Hash 85952350ef6b406db2f2730c70598239 537c9ce24b361ac9da7318f36b74078ab6487cab 8f0224787caf72342ca70695f8bae9f420c40db920d1fb3080dfb214f92a1ef8 Loading...

	1wrcnz.top/	409 B	2023-03-10	2024-04-24
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2024-04-24 05:48:14 Times Seen1367 Hash efc54365d1ba6c4fb4bdf7ea1996bdbd 9f89f3485cd56eac910d9c0d6f9bd3b201074e24 da89215c040a91b80faf28d6030c58dab9d599794ef9bd1feba0fb01c621cf40 Loading...

	www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c	233 kB	2023-03-14	2023-03-14
Pretty URL www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 08:39:33 Last Seen2023-03-14 08:39:33 Times Seen1 Hash 5414495d63d53228ddac12b0bf16e359 0f0a0c86c897aca8fc80a4210a60b02cd13355a8 3e9b98493d830d148a40bf16930d5004aad06d4b9a6824b366da817a24ec0f89 Loading...

	1wrcnz.top/	117 B	2023-03-08	2023-07-19
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:36:51 Last Seen2023-07-19 08:48:45 Times Seen524 Hash 528c4b539fe168e3e1f1299b463b0d9b 0ebf0e012cd4ea0d4f7eeb300b7cfcf84fc47ebc 2eef45ac0763a37da9983781e441a9f0aadaa86f65212f9a4f18855f37b5915e Loading...

	1wrcnz.top/	2.2 kB	2023-03-14	2023-03-14
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:53:51 Last Seen2023-03-14 14:07:00 Times Seen1 Hash 64a49c81d25593a7518c4f4f4b0ebc9e 0147c142d18ff423c77976f18c46f8b5b70548c6 79e9cd1db0216d76ac2f068c3159f792f94953ddbb5d203e7b969e1d9989fff2 Loading...

	1win-cdn.com/js/10.fff54e18.js	11 kB	2023-03-13	2023-05-22
Pretty URL 1win-cdn.com/js/10.fff54e18.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:39:46 Last Seen2023-05-22 05:26:55 Times Seen17 Hash ba418e366ca5751dbfe5399b63266787 c5e4fe7263a79202b6a729a34d3b80ec360a6d4f e4aa44699f6b614d92047394ce220f841afb548cc5f1903a71222d2483f81bee Loading...

	1win-cdn.com/js/836.63a0cc43.js	23 kB	2023-03-14	2023-03-14
Pretty URL 1win-cdn.com/js/836.63a0cc43.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 05:41:05 Last Seen2023-03-14 13:15:45 Times Seen1 Hash 7d1b2ce8a8e82388a9f03a54648b7515 4f885740a968d41f1acc97e938d210f46491a1c9 6f885f10ac3ec2dc49f88920788dd193314571c24ffd03ba01ae514865164c71 Loading...

	1wrcnz.top/	4.6 kB	2023-03-10	2023-04-05
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 04:33:56 Last Seen2023-04-05 01:42:11 Times Seen90 Hash e43cafae222620602628c11eb5519b50 ecc349dff22b805a33b9826b36e1f9e95934ae04 df3efcfa7aa17d25dc870478f73a67dfb047ac455f32b27b1c5a36610e301b14 Loading...

	1win-cdn.com/js/1705.d306728f.js	29 kB	2023-03-08	2023-05-22
Pretty URL 1win-cdn.com/js/1705.d306728f.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:36:51 Last Seen2023-05-22 05:26:55 Times Seen17 Hash f3e71e7aef4d262384c871db4462c1ac 972d5c614b827343b5af0eb3cdf6b33e140839c7 270fd7ec5b3a45c223ebd2f7740a48447e8d190b0ae2487cf6c4ddfc94cea1b6 Loading...

	1win-cdn.com/js/index.dcfba266.js	91 kB	2023-03-14	2023-03-14
Pretty URL 1win-cdn.com/js/index.dcfba266.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:51:58 Last Seen2023-03-14 10:58:17 Times Seen1 Hash 11dc6d570fbd0be44bc88a15de358c80 2aaa0cbad829804de88909891500a54c5c46219c 6907a79454480fbf86bf28e3e0993b2acb07f42c4ef58025648d7b26f5dbf15b Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 13:18:25 Times Seen37039029 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	1wrcnz.top/	252 B	2023-03-07	2023-03-17
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2023-03-17 10:36:37 Times Seen1 Hash 4ac2785671fe1680b0f2b620757ae0de fda0f783dbc778606b6aac4d071148fb8907be39 01eaa9fcd73f31456cf426f437bda7e8e951231b93108cbb67b8cce959be18ec Loading...

	1wrcnz.top/firebase/8.1.1/firebase-messaging.js	41 kB	2023-03-07	2024-04-24
Pretty URL 1wrcnz.top/firebase/8.1.1/firebase-messaging.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-04-24 05:48:15 Times Seen2015 Hash 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f Loading...

	1wrcnz.top/	186 B	2023-03-14	2023-05-16
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:07:26 Last Seen2023-05-16 22:34:42 Times Seen179 Hash fbe613b6194e5b779be9c472eed36fcc 203efc9adf08c6517763489fa7f77d757c60cfc7 8ca7578f7c0c132103bb4f51d6218ba277cf29ca482d3472c60a67cfb855c040 Loading...

	mc.yandex.ru/metrika/tag.js	216 kB	2023-03-14	2023-10-04
Pretty URL mc.yandex.ru/metrika/tag.js IP 77.88.21.119 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 05:33:27 Last Seen2023-10-04 05:22:07 Times Seen986 Hash 5fa6e88483315ca1aadaf90d6ac4d475 729b82d7bc8052741f5f48daeea1e6287f1fe73b 04afc90111de0665453b3f792bc1112feb5ee5bad24b9e206af915941da8c300 Loading...

	1win-cdn.com/js/3998.ccb852e6.js	99 kB	2023-03-14	2023-03-14
Pretty URL 1win-cdn.com/js/3998.ccb852e6.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 05:42:26 Last Seen2023-03-14 15:11:15 Times Seen1 Hash 0ee9be780d3ae5b0fb5f4bb383ccd1c7 0de765d121b207219ad69b42a8c318472ba82ae1 4f99e791c90b7e57307eaf9cb0e7429f2c98497e251817df20c887df0a5d1b31 Loading...

	1wrcnz.top/	226 kB	2023-03-14	2023-03-14
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:07:27 Last Seen2023-03-14 14:07:00 Times Seen1 Hash 05ffffdb61d13bda2c22cac562e1437c 615f439c39e5b2bf28f5be50a96ea704bdf81306 bdcf023176c3fd8f05546c1e5f1f4aae2323e3c4e88fd4b21da4fbef8c2a6e54 Loading...

	1wrcnz.top/	462 B	2023-03-08	2023-05-02
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:36:51 Last Seen2023-05-02 06:58:29 Times Seen125 Hash 8fa3859e97c2beeeb855323606fe1399 2c64fc5aa0655ae520b087b0fe552bf2f7012b8f 562c126b38129b1eb5c1d08ece039bdfb2a49eaeb376d6b2c28b97438601e3a2 Loading...

	1wrcnz.top/	421 B	2023-03-12	2024-04-24
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:22:06 Last Seen2024-04-24 05:48:13 Times Seen1368 Hash dc37ec839376756d26f9c8925e173ac0 c7aff54b91a363e452e3338b3cf8441b3a82cbbb f139f19f43bcda296441234e4cb82550d94bde81758de7cf37bfe55df1c96717 Loading...

	1win-cdn.com/js/icons-common.d0f378f6.js	236 kB	2023-03-14	2023-03-26
Pretty URL 1win-cdn.com/js/icons-common.d0f378f6.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 05:41:05 Last Seen2023-03-26 01:15:31 Times Seen15 Hash f9fd22b4c6d3fb9e9daafae6f65854ee adf3a0011bbfedaa56d0511fd33b2db578d8d87f 4043805529e0e72de937a98732c3e623fc16d4fa39393345c93cb32ed641ed1f Loading...

	1wrcnz.top/	822 B	2023-03-10	2023-03-14
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 04:33:56 Last Seen2023-03-14 13:47:10 Times Seen1 Hash da1b222175866dbd3be62c0f84047db2 584adb7db073e1295b3dce7047bbff011e88a42c 69d40bbecb5eb39fb050695e8c4b7270ea94628ed219582e15cc96490a460c53 Loading...

	1win-cdn.com/js/chunk-common.4ca56327.js	17 kB	2023-03-13	2023-05-22
Pretty URL 1win-cdn.com/js/chunk-common.4ca56327.js IP 104.26.5.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 23:28:11 Last Seen2023-05-22 05:26:55 Times Seen3 Hash 05c0617a4e99c2b61f7971a31e27c6c5 d74d4d4a1e700c9fc8ca80a1d5ccb7839f0c64f7 c7dca4989f5baa662b7b718e3c48879547e951391cf83af25ff658ad1081bb04 Loading...

	1wrcnz.top/	193 B	2023-03-14	2023-05-16
Pretty URL 1wrcnz.top/ IP 190.115.24.78 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:07:26 Last Seen2023-05-16 22:34:42 Times Seen179 Hash 22399c986ee46b9c714db39f7e037561 903d0fa1e4f9553990e8b4aa899f66769fad74d7 7600ea868920d014305bea78331a4a3d6c46e489eda32c24b8e1fd3a6c6b64e0 Loading...

HTTP Transactions (157)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 22 Feb 2023 15:24:39 GMT
Age: 57946
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

1wrcnz.top/

190.115.24.78

301 Moved Permanently

175 B

URL HTTP/1.1
1wrcnz.top/
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
175 B (175 bytes)
Hash
27d3037d4815f88b7bb724cb258524e1
092678ca1f61e13d97f37f7be9438e7b32b722e9
0c0a343c76a265d5b6b5b3708383afaf77f187eaa7f3fa8f1fec18cdf4ebe198

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: openresty/1.19.9.1
Date: Thu, 23 Feb 2023 07:31:12 GMT
Content-Type: text/html
Content-Length: 175
Connection: keep-alive
Location: https://1wrcnz.top
X-Frame-Options: DENY

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
67fc460ed2f69dde3c410ec607ef3510
ba9f582ec321351e5c06c9b2c381f06b685ef274
85df74fac7d59d76840b6359bac24648fede201c0048f2a8382af6468225ffb8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85DF74FAC7D59D76840B6359BAC24648FEDE201C0048F2A8382AF6468225FFB8"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3376
Expires: Thu, 23 Feb 2023 08:26:42 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bf2985444924fcb7c28583d95fe3e07
95b5b25c5e28758f16327475be944d68ba858b4d
1e1b4f9fd2e5b5c38916cea3f07edc4abe897defb9db47123d374bc979cad933

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E1B4F9FD2E5B5C38916CEA3F07EDC4ABE897DEFB9DB47123D374BC979CAD933"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5024
Expires: Thu, 23 Feb 2023 08:54:10 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

47 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
47 kB (47027 bytes)
Hash
337da99fcc276f212ae80a9b0f0dcb61
dc7b6dfe8236a0c31d609f0cb1dfe6c464c32a68
97ad36dce13795fd46603336a49e04c6b50ea9d87ce23ac4bef386a286010425

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: tvzCS0vr7pP1BH4T1OTAVgw6WA5t9I78UVCkoCKlTcF6iN79prANlw==
content-encoding: gzip
via: 1.1 7f06047c304d80ea094816a27c933914.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 07:29:41 GMT
content-type: application/json
vary: Accept-Encoding
content-length: 47027
age: 45
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7fb59e5d3cdf08b94e5f41fdeb9aec6c
ff644039db3b9f74d7e2fab10f93581bea10614a
861573a00d75364e15783c5e448c4f8b4da48b38d9beba3ebd33a87f993489a5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "861573A00D75364E15783C5E448C4F8B4DA48B38D9BEBA3EBD33A87F993489A5"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20690
Expires: Thu, 23 Feb 2023 13:15:16 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: VTxVKnkxWwM493nohhCb2IgizogQjumiOlaXQzkoAFkLJKyA4tBU3fIKf8alC7NfG8vJtRYI5V4=
x-amz-request-id: T2HD28SX7KVEY8KB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 07:13:23 GMT
age: 1023
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6eb0a77aa4a20639a06d9621742007c2
d2d03beeb111049117b70d5f3dff3698a671ef8a
62c2da0800bf8efb6bb985b2eb046fa863e0b394681fb2ab187a9c4836fbd320

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62C2DA0800BF8EFB6BB985B2EB046FA863E0B394681FB2AB187A9C4836FBD320"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21525
Expires: Thu, 23 Feb 2023 13:29:11 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 06:38:18 GMT
content-type: application/json
age: 3128
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
836108e1bbb7b033c537df908101968e
f33be0cc06ed65735a06529f34d54e2f3683a5a5
356960f884af0a575572f8b80fb3919d58a2c56dc7bc3fedc869265694285104

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "356960F884AF0A575572F8B80FB3919D58A2C56DC7BC3FEDC869265694285104"
Last-Modified: Thu, 23 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 23 Feb 2023 13:30:26 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5aa46280b9f4ef8602f5e1b6864d898f
f1b8d2278116c2873ec0683122818fc186c74392
bb61e1178bc48dc26984f63f54d2621706fe49faa6f9a5651b06befa53cea9a0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4118
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Last-Modified: Thu, 23 Feb 2023 06:21:48 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5fa728a339ca32e616d483e61d0aebcd
6a63966de94d16390c8f1e47e5b67fe5bb67f7cd
7e83729d554404e59f1f1ff809ac776d3596487e2b062a1e38af8e29f33c0686

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E83729D554404E59F1F1FF809AC776D3596487E2B062A1E38AF8E29F33C0686"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14169
Expires: Thu, 23 Feb 2023 11:26:35 GMT
Date: Thu, 23 Feb 2023 07:30:26 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/m7Q96l8rCKM
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cf662a9839c077afea151efe987dbcc1
8e26bb1413a623c2083e5002c682adb910c6f94f
50cd159dffd3532a0f06ab817d7b5a6bc1b7cdeeed59be671ca5800d6b2b6cd1

HTTP Headers

POST /s/gts1p5/m7Q96l8rCKM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1win-cdn.com/css/6610.4f034e44.css

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/css/6610.4f034e44.css
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /css/6610.4f034e44.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: text/css
content-length: 0
cache-control: max-age=315360000
cf-bgj: minify
access-control-allow-origin: *
etag: "63c7c775-0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 18 Jan 2023 10:18:29 GMT
cf-cache-status: HIT
age: 3032687
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mrj4cSHm3N4FSRpgtCBpDVWQCvilRaSVR67YwBqhAhDtY4WISc7vQ6FlXFidu9UFoTYk9wn9T1r4exHQKqjNP%2FsNyoaybZeKpzBoxBgvfRVv9C%2FgFH00keAgRuCCcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195c946b521-OSL
X-Firefox-Spdy: h2

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

54.68.195.169

200 OK

8 B

URL HTTP/1.1
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
54.68.195.169:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
8 B (8 bytes)
Hash
29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 23 Feb 2023 07:30:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

1wrcnz.top/img/logo/1w_logo.webp

190.115.24.78

200 OK

4.2 kB

URL HTTP/2
1wrcnz.top/img/logo/1w_logo.webp
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type
RIFF (little-endian) data, Web/P image\012- data
Size
4.2 kB (4160 bytes)
Hash
290ac463251c4079d15ef3fb016bdd9b
8f7013ea3afe0ad8efe6c4afa2bf8fa8e2d61e66
7cc723ed1487f56d1be3f59e23498248d5ad2329d13df59e8f3e2da251d4e900

HTTP Headers

GET /img/logo/1w_logo.webp HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: image/webp
content-length: 4160
last-modified: Wed, 22 Feb 2023 10:12:40 GMT
etag: "63f5ea98-1040"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
accept-ranges: bytes
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.81.108.147

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.81.108.147:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Lt6bXvvfbiAb3xRhxP3BMQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: a+inrZAaMX3dw98pxRdN/9p+XBg=

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, Alert, Content-Length, Backoff, ETag, Cache-Control, Retry-After, Last-Modified, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Feb 2023 07:20:35 GMT
age: 592
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221677121036546%22

35.241.9.150

200 OK

22 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221677121036546%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (21681), with no line terminators
Size
22 kB (21681 bytes)
Hash
accef8a81ca596001ad5a8fd66ed4bc2
f7167c5429485e973fa1a14646dd4b50eef53caf
71fbf95a3cfbc0f51e2860cd25fa87fc2cdfd9df9b5f5dbe29fa42bdce4d19e0

HTTP Headers

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221677121036546%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21681
via: 1.1 google
date: Thu, 23 Feb 2023 07:02:02 GMT
age: 1705
last-modified: Thu, 23 Feb 2023 02:57:16 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22

35.241.9.150

200 OK

33 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (32643), with no line terminators
Size
33 kB (32643 bytes)
Hash
111a124bfe0fcca1d00eacc4056304c0
09f7b2abd4d09de09db0e11add552e995346c23c
3dfc4c61e3f4a5d95c359d2914ec2dcf4bfc413116dec9b98bc104ecc9f446bf

HTTP Headers

GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 32643
via: 1.1 google
date: Thu, 23 Feb 2023 07:10:15 GMT
age: 1212
last-modified: Wed, 22 Feb 2023 12:37:20 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

1wrcnz.top/affiliate:link_visit?visit_domain=1wrcnz.top&sub_ids=undefined

190.115.24.78

200 OK

15 B

URL HTTP/2
1wrcnz.top/affiliate:link_visit?visit_domain=1wrcnz.top&sub_ids=undefined
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type
JSON data\012- , ASCII text, with no line terminators
Size
15 B (15 bytes)
Hash
0f0479874bf6f4a7281099b15df27c27
55a490e280d48996e564d00492437eb17faadd28
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

HTTP Headers

GET /affiliate:link_visit?visit_domain=1wrcnz.top&sub_ids=undefined HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/
Connection: keep-alive
Cookie: visit_domain=1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
etag: W/"f-VaSQ4oDUiZblZNAEkkN+sX+q3Sg"
set-cookie: core-sticky=http://10.233.72.195:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: DENY
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 06:53:54 GMT
content-type: application/json
age: 2193
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
135606a5e990506b3e92eda82ef79170
a3de3c800534ad64b2e2198941e3911a4e51df8e
558ce08e84a4581859ae4302371540e4240e0b85866e37fb03174786388d5546

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "558CE08E84A4581859AE4302371540E4240E0B85866E37FB03174786388D5546"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2912
Expires: Thu, 23 Feb 2023 08:18:59 GMT
Date: Thu, 23 Feb 2023 07:30:27 GMT
Connection: keep-alive

1wrcnz.top/firebase/8.1.1/firebase-app.js

190.115.24.78

200 OK

36 kB

URL HTTP/2
1wrcnz.top/firebase/8.1.1/firebase-app.js
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type
data
Size
36 kB (35804 bytes)
Hash
fe6a411a477695b5b69371b7fab568a9
82bdb41a9edb8d8859661b56b9630f7ea01be884
3801f4ce720d28e324d460a53459558a7ab396981dd3e34fb15afbf1f7af56ca

HTTP Headers

GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/sw.db344b25.js
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: application/javascript
last-modified: Wed, 22 Feb 2023 10:12:39 GMT
etag: W/"63f5ea97-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/1895.ba9c11b9.js

104.26.5.11

200 OK

13 kB

URL HTTP/2
1win-cdn.com/js/1895.ba9c11b9.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
13 kB (12613 bytes)
Hash
f565a56a815c6322f8afcc6ddcd337a5
6d88b8d68513b3e103f180ae3c415ac4bb6f8c8e
a12016b11959954616c6d01b93a117d0eac3944d043c681b44b7e58aacb96e8e

HTTP Headers

GET /js/1895.ba9c11b9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=60809
access-control-allow-origin: *
etag: W/"63f37b40-ed89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 13:53:04 GMT
cf-cache-status: HIT
age: 236173
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZINN4AiFlA%2B%2FMExIf%2BcMNNM12VERNrocwR9ob8GzOfBdg6Rzk2n8dnNuLtW%2BPzgnKHhnyQorS3O2TyT4f5Yat0N5QRwtoW8iTJfcD9sZkr3gvYJ91ZT0pHIx6dcxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198ed3fb521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/fonts/SFNSText.c652402c.woff2

104.26.5.11

200 OK

379 kB

URL HTTP/2
1win-cdn.com/fonts/SFNSText.c652402c.woff2
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 379312, version 1.0\012- data
Size
379 kB (379312 bytes)
Hash
78c04126100e27b652681e2e225f0303
fe601d94aeed79691f4cb7bc3b741f5263d488e9
49073903870a8bb345c24e632270bc480dde66725f0af85c66df5cb7269c4214

HTTP Headers

GET /fonts/SFNSText.c652402c.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/octet-stream
content-length: 379312
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-5c9b0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJ1Dxphyr7jI6Kj12LnywlhveN0j6oA2w8ILugYjGq6miBWniAp7MhiESeTkQwnkbtxdTcr%2BKgy9cuOfjqBrvT4X8fnWoGvyHEEpnx0UJh5LgERRiL7vd6%2B8LynzCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198f983b500-OSL
X-Firefox-Spdy: h2

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin

34.111.73.144

200 OK

807 kB

URL HTTP/2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP
34.111.73.144:0
ASN
#15169 GOOGLE

File type
data
Size
807 kB (807180 bytes)
Hash
914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857

HTTP Headers

GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: l+MCtFOuLKzOPj71ctV6p21ZnEwlje3OMs98dDmBuOF/9BlFn9tKisO1m/95doEjfl++IkG0uWc=
x-amz-request-id: VKZJ774KPQ4B1SPR
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Thu, 16 Feb 2023 11:49:05 GMT
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
age: 589282
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 22 Feb 2023 15:24:39 GMT
Age: 57948
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22

35.241.9.150

200 OK

6.0 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (5951), with no line terminators
Size
6.0 kB (5951 bytes)
Hash
84c45909a46631dec23c78a3a547ca95
b511f80ad0abe7a6f0ce8988a0b9275573665c9a
ce6af1c28962645f13129411c11c7f156f0cd9e282f5ef0146d5cbd84a4e2b7e

HTTP Headers

GET /v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 5951
via: 1.1 google
date: Thu, 23 Feb 2023 06:48:56 GMT
age: 2491
last-modified: Sun, 19 Feb 2023 04:42:53 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

35.241.9.150

200 OK

681 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Size
681 B (681 bytes)
Hash
b3c57c4bb39f0c7541d93ba82a5cd4c9
be92fd1cee01b4a8bb4174b0b11e53be649cd1a3
98e848e13f44cb1595f2f1882c734fd25761a0e8facae4e0c3dcff6f322a4000

HTTP Headers

GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Content-Length, Content-Type, Cache-Control, Pragma, Retry-After, ETag, Expires, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Thu, 23 Feb 2023 06:55:06 GMT
age: 2121
last-modified: Wed, 22 Feb 2023 16:36:55 GMT
etag: "1677083815772"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
67d0353e59411ba1f85c492efa548d94
2bb48dd2638abb14217de43ca03d2485a31eb7e7
c50c81dc979238b0bfea29f69cc5b4e6277e06c407025412430c190acf1e8d29

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7

142.250.74.40

200 OK

60 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (15455)
Size
60 kB (59516 bytes)
Hash
1605f15be14904947e7a0c23ba9570af
b8d279595ec5cac98016b639e88f12a8a9347033
25b6fccc661856f45ad4458efece8a4a2df89f0500681fc1b22524c7e41c9eef

HTTP Headers

GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 23 Feb 2023 07:30:27 GMT
expires: Thu, 23 Feb 2023 07:30:27 GMT
cache-control: private, max-age=900
last-modified: Thu, 23 Feb 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 59516
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
67d0353e59411ba1f85c492efa548d94
2bb48dd2638abb14217de43ca03d2485a31eb7e7
c50c81dc979238b0bfea29f69cc5b4e6277e06c407025412430c190acf1e8d29

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

35.241.9.150

200 OK

1.3 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Size
1.3 kB (1250 bytes)
Hash
c9f7f64ea0e8fd2d1098afb18806601b
fac82a10d89a339d7970db44b47633465d7b16f8
e0ed15ed986855d3c7eec307e2333aeea9211c5c3d8849dabaa56395dbaec026

HTTP Headers

GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Thu, 23 Feb 2023 07:02:27 GMT
age: 1680
last-modified: Wed, 22 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

35.241.9.150

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1743), with no line terminators
Size
1.7 kB (1743 bytes)
Hash
8d7098a815bd465cf003589b0703c6b0
202cba221e952763f4ccf8e16df65693d9098b44
8cf3d3a8263ffc0df70842cb3968feef260daaa2977cd450819a346d48712114

HTTP Headers

GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1743
via: 1.1 google
date: Thu, 23 Feb 2023 06:38:38 GMT
age: 3110
last-modified: Wed, 22 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22

35.241.9.150

200 OK

5.6 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (5628), with no line terminators
Size
5.6 kB (5628 bytes)
Hash
c2aaf121f79032d2dbef3b6bbebc5bda
9aea63df55fe7bbf0337658087da5679e68fff39
570d0386b573c64a975e5ce952c25a81ad35b59a114e7d86f9a85d2a0d4c5c62

HTTP Headers

GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 5628
via: 1.1 google
date: Thu, 23 Feb 2023 07:06:46 GMT
age: 1422
last-modified: Wed, 22 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
99833367490dd4a0b1fe074db23fbaa0
f5195f40f27dc45e7dfc323a8f5e0c546be2f6ca
0e4a4c91d19b35385a72a41c0b2b9bf64ec4e9b064c6230de863985d935239c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
99833367490dd4a0b1fe074db23fbaa0
f5195f40f27dc45e7dfc323a8f5e0c546be2f6ca
0e4a4c91d19b35385a72a41c0b2b9bf64ec4e9b064c6230de863985d935239c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F?

142.250.74.70

200 OK

237 B

URL HTTP/2
12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (452), with no line terminators
Size
237 B (237 bytes)
Hash
1af88bde856db95481bf64bafa614eb4
3a0b746336e4df37dcc27e82dfcfa1c9a1a558df
6951cdc42e899348f84b57330b239fbf8a3458e4854c58de6c1e881027a64a62

HTTP Headers

GET /activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F? HTTP/1.1
Host: 12688802.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 237
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 23-Feb-2023 07:45:28 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51?

142.250.74.70

200 OK

274 B

URL HTTP/2
12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (519), with no line terminators
Size
274 B (274 bytes)
Hash
90f5d5e2ee4797cee64a6eebd365fe47
25b44a00efe7904644896a75008f29bed80d133c
482a393b1ec680f37b915ed3e09b8dbcbbe728c07bc0ee9c7b1e068d7d75fdbd

HTTP Headers

GET /activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51? HTTP/1.1
Host: 12572451.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 274
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 23-Feb-2023 07:45:28 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
99833367490dd4a0b1fe074db23fbaa0
f5195f40f27dc45e7dfc323a8f5e0c546be2f6ca
0e4a4c91d19b35385a72a41c0b2b9bf64ec4e9b064c6230de863985d935239c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
99833367490dd4a0b1fe074db23fbaa0
f5195f40f27dc45e7dfc323a8f5e0c546be2f6ca
0e4a4c91d19b35385a72a41c0b2b9bf64ec4e9b064c6230de863985d935239c8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1wrcnz.top/get-authorization?random=1677137436656-0.14973793446331718

190.115.24.78

200 OK

19 B

URL HTTP/2
1wrcnz.top/get-authorization?random=1677137436656-0.14973793446331718
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type
JSON data\012- , ASCII text, with no line terminators
Size
19 B (19 bytes)
Hash
97816351479ac35375c10e73546c9459
b388abc5b856b3cb65032cf68d12cdee27073fc7
759315d5ae8c31136d2a7bc803e591554894987559325cdf7e0b5965bec0eaca

HTTP Headers

GET /get-authorization?random=1677137436656-0.14973793446331718 HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80; amp_494ccc=0jLQyK9s7WVauTGSitWWN8...1gpuisnrh.1gpuisnrh.0.0.0; amplitude-device-id=23d207a2-2af7-4eba-9f41-19599a058d79; 1w_lang=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:14 GMT
content-type: application/json; charset=utf-8
content-length: 19
access-control-allow-origin: https://1wrcnz.top
access-control-allow-credentials: true
x-frame-options: DENY
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1677079981951&_since=%221666279968541%22

35.241.9.150

200 OK

106 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1677079981951&_since=%221666279968541%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
106 kB (106535 bytes)
Hash
44317bc4f401543ba080c8b77e2aff54
ae769488dfa10cd08cf730a63ac64b0a29246a8a
167da22ccd9986da793ecdc27155152f073ca124306a599050be0c55cba79678

HTTP Headers

GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1677079981951&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 106535
via: 1.1 google
date: Thu, 23 Feb 2023 06:24:38 GMT
age: 3950
last-modified: Wed, 22 Feb 2023 15:33:02 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5a9e54f54243639a31020050bfc7fb55
c49766d67bea2ce07bd3c925d42897ab992f94e2
26b96bbdd02ca9498d5c7a4b970ebbec31039db95a2ce6e5a6ff665c73023a8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1win-cdn.com/js/index.dcfba266.js

104.26.5.11

200 OK

31 kB

URL HTTP/2
1win-cdn.com/js/index.dcfba266.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size
31 kB (31012 bytes)
Hash
257550e27e5283f5558c324444fbefeb
3561397f7ffd377f0aa11c433d2b963a3f5fa80d
d3000f22d7412461df75eef6e736429637ddec70269a28fe5b01ac701e61fe1b

HTTP Headers

GET /js/index.dcfba266.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Feb 2023 10:11:57 GMT
etag: W/"63f5ea6d-164ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TAT5zOjkI9lTNmGfsy%2Fl9ApYWt7tYTfaGefKwEFcMZ4PoNBxngBEnez6Z%2BkVuEdtyzIoQg%2BneOueSkMvXiA2cjxL2fXd%2FfQk8HERoHBIp7utOubB5zFsbEGjEDgK%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195cd1fb500-OSL
content-encoding: br
X-Firefox-Spdy: h2

adservice.google.com/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F

142.250.74.66

200 OK

239 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (451), with no line terminators
Size
239 B (239 bytes)
Hash
e189eeeda58382f208848466b70c4822
7ffac8267745647438f3c22cb4b15a56043f78e9
be35c5d0596ecbf8a1099fb0eb0fb769d8ea9f8822f10b42f34b08d271ba5ed3

HTTP Headers

GET /ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12688802.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 239
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

adservice.google.com/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/

142.250.74.66

200 OK

274 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (518), with no line terminators
Size
274 B (274 bytes)
Hash
7a5c6f6d16b17e3414497b27aa53daa1
182e1dfa196440203598a268ba092cebd9b4fc32
7829d2e61428eaed691a86f17c01d181f21a0ca58e4c628cfcbf694bfc6a8fe5

HTTP Headers

GET /ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/ HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12572451.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 274
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5a9e54f54243639a31020050bfc7fb55
c49766d67bea2ce07bd3c925d42897ab992f94e2
26b96bbdd02ca9498d5c7a4b970ebbec31039db95a2ce6e5a6ff665c73023a8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.lab.amplitude.com/sdk/vardata

151.101.194.132

200 OK

2 B

URL HTTP/2
api.lab.amplitude.com/sdk/vardata
IP
151.101.194.132:0
ASN
#54113 FASTLY

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /sdk/vardata HTTP/1.1
Host: api.lab.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/
Authorization: Api-Key client-Ss5BFx7UDrTj948TJHfc5ZUoTW67EjvZ
X-Amp-Exp-User: eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS43LjEiLCJkZXZpY2VfaWQiOiIyM2QyMDdhMi0yYWY3LTRlYmEtOWY0MS0xOTU5OWEwNThkNzkiLCJ1c2VyX3Byb3BlcnRpZXMiOnt9fQ
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json;charset=utf-8
access-control-allow-origin: https://1wrcnz.top
access-control-allow-credentials: true
x-amzn-trace-id: Root=1-63f71614-01bbbe5958bb198a1a7f5de1
x-content-type-options: nosniff
accept-ranges: bytes
date: Thu, 23 Feb 2023 07:30:28 GMT
age: 0
x-served-by: cache-bma1648-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1677137428.081638,VS0,VE216
vary: Origin, Origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2
X-Firefox-Spdy: h2

script.hotjar.com/modules.7cafb00353603cadd6c4.js

54.230.111.73

200 OK

68 kB

URL HTTP/2
script.hotjar.com/modules.7cafb00353603cadd6c4.js
IP
54.230.111.73:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (48737)
Size
68 kB (68446 bytes)
Hash
75f1519020fb26b2d79428053cef7ce8
b5969580970cbbb41b623bd2e6693b5836f02573
38523b468cf2ca24900805c7ca98f9dbe7b422442f35f6cad0afddebe03409de

HTTP Headers

GET /modules.7cafb00353603cadd6c4.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive

HTTP/2 200 OK
content-type: application/javascript
content-length: 68446
date: Wed, 22 Feb 2023 15:55:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "75f1519020fb26b2d79428053cef7ce8"
last-modified: Wed, 22 Feb 2023 15:54:32 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dVMi0WaqkqU5FQobEyIfB2mQgGVOonxVdFcdDCfH3uWvHFU-rI1D2Q==
age: 56122
X-Firefox-Spdy: h2

1win-cdn.com/css/desktop.50f0f5ef.css

104.26.5.11

200 OK

23 kB

URL HTTP/2
1win-cdn.com/css/desktop.50f0f5ef.css
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (22834 bytes)
Hash
04a076dd16fe5bc7824874f152ed1db7
55adc1e3b1caaaac4caf0c97be8cd8211d991286
5d927a1480088159238fade7982e66e54993c3d1feeead598e2f05571aec8e88

HTTP Headers

GET /css/desktop.50f0f5ef.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=113921
access-control-allow-origin: *
etag: W/"63ef2d10-1bd01"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 17 Feb 2023 07:30:24 GMT
cf-cache-status: HIT
age: 518166
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xosla%2BnFJLPqbronVfM5Opg3GJWB2aE27V5LI32j5eKneR0sE4Xs579kkTHX9c%2BihacGAKZRilJ44FbjfkhDTIosUUX6LadGIjjldgPxrTJ7giqFesdLYcqDKlPnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195c950b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
00fc3b5f1c0bf75bad8c142109720834
050f2d14da16248ead53d3996d88aacd18e5041a
b5f65aaa770693ab60c9c5342fa5aff03408055071e73a7c08c89fb5faf143c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5c79f7689efb3e9384d23c012fbb7459
6383d131dec112059c3bb88971dc23ce47bc98f2
4bc466ff7e5773f11ef30dba2c57bb6b76b05964622a087f0fba48686b6b85f4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F

216.58.211.2

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F
IP
216.58.211.2:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=5100281094676;gtm=45He32m0h2;auiddc=1846652071.1677137437;~oref=https%3A%2F%2F1wrcnz.top%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Thu, 23 Feb 2023 07:30:28 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

adservice.google.no/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/

216.58.211.2

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/
IP
216.58.211.2:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5374613386682.51;~oref=https://1wrcnz.top/ HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 07:30:28 GMT
expires: Thu, 23 Feb 2023 07:30:28 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
00fc3b5f1c0bf75bad8c142109720834
050f2d14da16248ead53d3996d88aacd18e5041a
b5f65aaa770693ab60c9c5342fa5aff03408055071e73a7c08c89fb5faf143c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22

35.241.9.150

200 OK

1.5 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
8c387573e466da58de34efecea89a4a1
3bee30f48f21c082dee7ce7b52ebd7b4e30edca8
019686dbf2b110ba2e746777c3539cf842f44eeb333ec45af0f41d785a2c9272

HTTP Headers

GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Thu, 23 Feb 2023 06:38:21 GMT
age: 3127
last-modified: Mon, 20 Feb 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

mc.yandex.ru/metrika/tag.js

77.88.21.119

200 OK

74 kB

URL HTTP/2
mc.yandex.ru/metrika/tag.js
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Size
74 kB (73790 bytes)
Hash
6a599c9bd605553d6e8ea26b240017e5
ce6de2eaa815569841f1b16de3de7aa841ac7e88
8ee4a7bf51b198d826a7320c21965e73d95fd1642d9071a1a840e566ee9303de

HTTP Headers

GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive

HTTP/2 200 OK
content-length: 73790
date: Thu, 23 Feb 2023 07:30:28 GMT
access-control-allow-origin: *
etag: "63f47caa-1203e"
expires: Thu, 23 Feb 2023 08:30:28 GMT
last-modified: Tue, 21 Feb 2023 11:11:22 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22

35.241.9.150

200 OK

935 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (935), with no line terminators
Size
935 B (935 bytes)
Hash
6c796237d371d417e638a02a0cd932e7
6d289d3a27964ab953e0dd0d0d771ce754bc8851
b8d634496126a0452c5b9443293308160c29efffa1462027e0161876494982e8

HTTP Headers

GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 935
via: 1.1 google
date: Thu, 23 Feb 2023 06:40:59 GMT
age: 2969
last-modified: Mon, 20 Feb 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22

35.241.9.150

200 OK

22 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (22469), with no line terminators
Size
22 kB (22469 bytes)
Hash
17717d070272f82b3d1e5ea83e8cb663
71c48b44180dd2fa42c9506df93de407f8ad3362
e9499f291df345def3e65b7c951365247357ba986c5c4aaf74c24bae96402a23

HTTP Headers

GET /v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 22469
via: 1.1 google
date: Thu, 23 Feb 2023 07:07:08 GMT
age: 1400
last-modified: Thu, 16 Feb 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

vc.hotjar.io/sessions/2606090?s=0.25&r=0.18154952020182802

54.230.111.91

204 No Content

0 B

URL HTTP/2
vc.hotjar.io/sessions/2606090?s=0.25&r=0.18154952020182802
IP
54.230.111.91:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sessions/2606090?s=0.25&r=0.18154952020182802 HTTP/1.1
Host: vc.hotjar.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive

HTTP/2 204 No Content
access-control-allow-origin: *
cache-control: no-store
date: Thu, 23 Feb 2023 07:30:28 GMT
server: Python/3.7 aiohttp/3.5.4
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OGVKh6vKr0rR_PGmih7Wjthm6jccPDQ9Um4g2KIIzKtynPrNz2MeOA==
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: HOyG+RxnDUwQGPyhAhDrb3PMd3e4K3NLeEER7L+k56tJX1Cwg7BiLP5hUiQULA5UQ8r4jnn63+c=
x-amz-request-id: 8HAX3BJSEBY29X7Z
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 07:23:32 GMT
age: 416
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22

35.241.9.150

200 OK

2.4 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (2387), with no line terminators
Size
2.4 kB (2387 bytes)
Hash
ffc6488079ed80a847550c9639a3dcbb
c605ae42b2e5f24edd322ff3dedcdb59487e3ffe
54185fa9e3158fc0bf16e9fc85b801f488dec533221128b5e00a12425d22b9b2

HTTP Headers

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2387
via: 1.1 google
date: Thu, 23 Feb 2023 06:39:21 GMT
age: 3067
last-modified: Thu, 16 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.comodoca.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.comodoca.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
46326506506bbba7bad0eafebb6a7f50
43cd7fdddb89c6686f37405b73fe91486dc3c164
5d2d05168a6744b92819f749b0f7b6dddb69e584390a8b9b4c174493148b6c9d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 23 Feb 2023 07:30:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Feb 2023 16:47:32 GMT
Expires: Tue, 28 Feb 2023 16:47:31 GMT
Etag: "43cd7fdddb89c6686f37405b73fe91486dc3c164"
Cache-Control: max-age=602132,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 481
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79de41a0ef2c0b45-OSL

ocsp.comodoca.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.comodoca.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
46326506506bbba7bad0eafebb6a7f50
43cd7fdddb89c6686f37405b73fe91486dc3c164
5d2d05168a6744b92819f749b0f7b6dddb69e584390a8b9b4c174493148b6c9d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 23 Feb 2023 07:30:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Feb 2023 16:47:32 GMT
Expires: Tue, 28 Feb 2023 16:47:31 GMT
Etag: "43cd7fdddb89c6686f37405b73fe91486dc3c164"
Cache-Control: max-age=602132,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 481
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79de41a0e98fb4ed-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cd04d923e6b3cbd7cac3c56d18ca9016
7d3205fb454124635afcbfcf2265ce504c778ef1
fc857fad800eb3c6f2a3f28007b1b81f2a95e4968d376f47238a681f9c958475

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC857FAD800EB3C6F2A3F28007B1B81F2A95E4968D376F47238A681F9C958475"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Thu, 23 Feb 2023 08:15:58 GMT
Date: Thu, 23 Feb 2023 07:30:28 GMT
Connection: keep-alive

1win-cdn.com/js/icons-common.d0f378f6.js

104.26.5.11

200 OK

65 kB

URL HTTP/2
1win-cdn.com/js/icons-common.d0f378f6.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
65 kB (65297 bytes)
Hash
85c23421ab8e29116c133cfb73edd7de
727bace810eec518cfc6662fb094af08bbcdab25
0f6f290d8e6763f4f80d8d666550c0bb2c71d2cab33ab4d9266587aadcdf9658

HTTP Headers

GET /js/icons-common.d0f378f6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=236345
access-control-allow-origin: *
etag: W/"63f37b3f-39b39"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 13:53:03 GMT
cf-cache-status: HIT
age: 236173
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VHfR6vC501j2YOuO9n6lBmOxKXB%2BYSkBO1TYwVhHmxFxSGO%2B8MpVE%2B8azHsLo1VTsjiVuV9ghSM3YsWloGrjvyLpiTDTPNhrD1fWedCUJRww%2FzjNToJucvkdSpslZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198ed3cb521-OSL
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cd04d923e6b3cbd7cac3c56d18ca9016
7d3205fb454124635afcbfcf2265ce504c778ef1
fc857fad800eb3c6f2a3f28007b1b81f2a95e4968d376f47238a681f9c958475

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC857FAD800EB3C6F2A3F28007B1B81F2A95E4968D376F47238A681F9C958475"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Thu, 23 Feb 2023 08:15:58 GMT
Date: Thu, 23 Feb 2023 07:30:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cd04d923e6b3cbd7cac3c56d18ca9016
7d3205fb454124635afcbfcf2265ce504c778ef1
fc857fad800eb3c6f2a3f28007b1b81f2a95e4968d376f47238a681f9c958475

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC857FAD800EB3C6F2A3F28007B1B81F2A95E4968D376F47238A681F9C958475"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Thu, 23 Feb 2023 08:15:58 GMT
Date: Thu, 23 Feb 2023 07:30:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cd04d923e6b3cbd7cac3c56d18ca9016
7d3205fb454124635afcbfcf2265ce504c778ef1
fc857fad800eb3c6f2a3f28007b1b81f2a95e4968d376f47238a681f9c958475

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC857FAD800EB3C6F2A3F28007B1B81F2A95E4968D376F47238A681F9C958475"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2730
Expires: Thu, 23 Feb 2023 08:15:58 GMT
Date: Thu, 23 Feb 2023 07:30:28 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07a7f783-b830-48ee-af41-9e919bf61c16.jpeg

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07a7f783-b830-48ee-af41-9e919bf61c16.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7286 bytes)
Hash
e767c4b566f75c2e5c384d79c874a982
3aa715f0e3a2fbc2a6be06a1284610be50685023
eb40b67d33ffb31a5acb809c4da06e3a82c49990b78f34407d56d22c444cf11c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07a7f783-b830-48ee-af41-9e919bf61c16.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7286
x-amzn-requestid: 3c5826ab-c99d-41c0-8145-561cab4d1d01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AwqTQFtaIAMFW3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f68a7a-4e4d07a87e805c5c16837dfe;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 21:34:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: anJcs_dDaqQi_kTT67paSKY90nqjll-QXuFboe1wV_26pr5WK5iNtw==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:45:02 GMT
age: 35126
etag: "3aa715f0e3a2fbc2a6be06a1284610be50685023"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaed7132-17d0-4617-b3f8-f713aec9243a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5786 bytes)
Hash
25600c45164795c721b8cc679e1c00b2
1b5a850ab8518b01cd1c37d22abd0a835bfc7cc8
39e57a7d1101cff67274a0bcdbb20faed021c38679f833613a7165804fa11d86

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaed7132-17d0-4617-b3f8-f713aec9243a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5786
x-amzn-requestid: ea349af3-40dd-41e1-97fe-a809f6d5eee5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AuruGHcJoAMF6Mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f5bff3-19724f456dc7624217b24550;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 07:10:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: USRXxr5x55UUBScc_mpikrEIIBB2xN0Z72vZzUAyxRuNUwYUqrqvXg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 07:33:19 GMT
age: 86229
etag: "1b5a850ab8518b01cd1c37d22abd0a835bfc7cc8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04e67897-b0ef-4c04-a8de-f6f092510d32.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5894 bytes)
Hash
b71d2b327e4b858ce631d4d3d7ebeb4a
d35b46e26cab53baf794abc95a9796fc681f8d6d
e69798f5c9b6b1e33b8e7b3dc2ea1c463f06d4ba4fbc3b08e1fdd13d19b4756b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04e67897-b0ef-4c04-a8de-f6f092510d32.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5894
x-amzn-requestid: 70cc1517-7f08-4576-ba9a-2d049ce63647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AwqgqHB5oAMFcXw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f68ad0-7d8e36ec44432c5a69c0662c;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 21:36:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XjhltuUdm4owh8FuXWiT6hh0ov_GuQHpbMnDxm2cCaWrwq3rrvJZJw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:55:57 GMT
age: 34471
etag: "d35b46e26cab53baf794abc95a9796fc681f8d6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1585e234-d4e0-4e4e-8699-70831e5a915e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9721 bytes)
Hash
e4016fa20fa2642f89d375fcc2855d4b
f1733be34a214e9565208f814dd3990f89cafbcb
74686e6a674433c436bce8c70cecc1a2cde51e82241e8251188ebd587fd4ee18

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1585e234-d4e0-4e4e-8699-70831e5a915e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9721
x-amzn-requestid: 5ddea3ff-b6e2-4528-8e71-eade54612b4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AwqR3HJpoAMF5LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f68a72-413219251feae2e32b9e6857;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iHR9N5OPgY8mjpsZowY-Ipeq62c8O_QQorpNmIOa68_vmWyY0eqt-A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:44:15 GMT
age: 35173
etag: "f1733be34a214e9565208f814dd3990f89cafbcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7713f4b5-c3f3-4d1b-b482-207e7dba9b9f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6136 bytes)
Hash
74dd13a48eb1b654aa657ac1b50abd24
4b5a935ba7d60b1f68e89d56115a91bd90fef982
c2edd14bfbfcce7e37c6226b47f31a133e9e51efcd0dcbc2a33bc89c564446d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7713f4b5-c3f3-4d1b-b482-207e7dba9b9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6136
x-amzn-requestid: a2466096-4fbe-43aa-8f32-b4bd90d8a0d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Auq1HFb2oAMFS9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f5be86-453b0b3210b8885f0b64abda;Sampled=0
x-amzn-remapped-date: Wed, 22 Feb 2023 07:04:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BRkPt2338yZWlb7HpFKHHk8N2p_U2nr2X0iXcBbdNeViMpw_eNkbyQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 07:17:08 GMT
age: 800
etag: "4b5a935ba7d60b1f68e89d56115a91bd90fef982"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f9477dd-9700-4cbd-8d0e-37bd76c53a93.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7734 bytes)
Hash
e7cd1e9feb9abc7f7d7f0d5fc7b181f0
cf3ce1808c48e1a86910e16731a044f6cb26275d
426c90298d5a0807b7820d803ce2907268df1195e15d5582eb0ff2f3deeb318c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f9477dd-9700-4cbd-8d0e-37bd76c53a93.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7734
x-amzn-requestid: fe4dc342-33b6-45f6-984c-2c71dfa0ec13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AtX-lGiJoAMFW3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f539f6-489049413f3cb63c537f20d0;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 21:39:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KyUqB4zqsHWgCv7C3-PymFep4oVmPy4ZHFf75lYOfWbb4qgvVRqoLg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 21:51:47 GMT
age: 34721
etag: "cf3ce1808c48e1a86910e16731a044f6cb26275d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

api.amplitude.com/

35.83.236.67

200 OK

0 B

URL HTTP/2
api.amplitude.com/
IP
35.83.236.67:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cross-origin-resource-policy
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: cross-origin-resource-policy
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je32m0h2&_p=932505347&cid=585520935.1677137437&ul=en-us&sr=1280x1024&_s=1&sid=1677137437&sct=1&seg=0&dl=https%3A%2F%2F1wrcnz.top%2F&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je32m0h2&_p=932505347&cid=585520935.1677137437&ul=en-us&sr=1280x1024&_s=1&sid=1677137437&sct=1&seg=0&dl=https%3A%2F%2F1wrcnz.top%2F&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je32m0h2&_p=932505347&cid=585520935.1677137437&ul=en-us&sr=1280x1024&_s=1&sid=1677137437&sct=1&seg=0&dl=https%3A%2F%2F1wrcnz.top%2F&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1wrcnz.top
date: Thu, 23 Feb 2023 07:30:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/js/10.fff54e18.js

104.26.5.11

200 OK

4.7 kB

URL HTTP/2
1win-cdn.com/js/10.fff54e18.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (11261), with no line terminators
Size
4.7 kB (4749 bytes)
Hash
de7ecef9617c087841f8e667105b9473
8ae3dd8d0dfd4a5630178045de86479a30d50b0c
aafe07b9113f16aa35a3fcaee119454d45e2bce3ebd50948992fb176619be968

HTTP Headers

GET /js/10.fff54e18.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=11301
access-control-allow-origin: *
etag: W/"63f343d8-2c25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B6L2iFCKFn2zu2GDqpbW6fEYyKsmF99hPSLXF4BwcBqyqeUOZvv1YhYG22dh7yueslh%2BelWgcV5RVCyfwXGc8fmIsAkVW0UilslJYlF5MbXL9VD5cziYvE3SMeq2iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a27fcbb521-OSL
content-encoding: br
X-Firefox-Spdy: h2

mc.yandex.ru/metrika/advert.gif

77.88.21.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/metrika/advert.gif
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Thu, 23 Feb 2023 07:30:28 GMT
access-control-allow-origin: *
etag: "63f47caa-2b"
expires: Thu, 23 Feb 2023 08:30:28 GMT
accept-ranges: bytes
last-modified: Tue, 21 Feb 2023 11:11:22 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

1win-cdn.com/js/8266.261fb911.js

104.26.5.11

200 OK

18 kB

URL HTTP/2
1win-cdn.com/js/8266.261fb911.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
18 kB (17797 bytes)
Hash
4745f095909858e6c8cce85bb3685e8e
86323d9409553ec3295e5885f8d2cc359e2ab293
71cfc8c018412dc5dec8d3dcdb0dac78614642b6843f523823bc668cf2dbc706

HTTP Headers

GET /js/8266.261fb911.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=95323
access-control-allow-origin: *
etag: W/"63f493bb-1745b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 21 Feb 2023 09:49:47 GMT
cf-cache-status: HIT
age: 163135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZ3bXLOrpxQr%2F47wq4YYk7rOvN%2FGT1lUrtq4EyqhkMfKsC3R39mH%2BD%2FjIw6FqoetqrZAtSJ5GZ2NDkci91QquQ27zu1FmcraELlvxD5QSr5s20bFwDwwUGD2O%2BMRlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a26fc3b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/js/541.a9d4d7c3.js

104.26.5.11

200 OK

3.9 kB

URL HTTP/2
1win-cdn.com/js/541.a9d4d7c3.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (11173), with no line terminators
Size
3.9 kB (3861 bytes)
Hash
b1ad2ef9d7430f1e915a6b4d2be8fb07
b08694c377e0026025ace8f2e7cd959cd50d9724
7313eaae5b17c7c87aa42157a184f4ac2d60569af10fbc147616caaf803b7e50

HTTP Headers

GET /js/541.a9d4d7c3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=11217
access-control-allow-origin: *
etag: W/"63f37b40-2bd1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 13:53:04 GMT
cf-cache-status: HIT
age: 236120
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ww3tF%2B2a4r4kv6NOkXi0CkITrs%2F7o2KEdI6SvPS8c5ZvJqMcqocmJ5FaUzJEPl16gqfEY78XVIg9zxbprvFsGvzmMqJ2%2BA69njzIT8IJq%2FRtp1KC9WT1o9kRi4ai8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a26fc4b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win.direct/socket.io/?Language=en&EIO=3&transport=websocket

134.122.54.186

101 Switching Protocols

0 B

URL HTTP/1.1
1win.direct/socket.io/?Language=en&EIO=3&transport=websocket
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?Language=en&EIO=3&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wrcnz.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Kls1CShprrWICYx6fohQQg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: +98hzQZrBidmv+i4KjXDzF/sygI=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=448e39fa50c791cb; Path=/; HttpOnly
Upgrade: websocket

mc.yandex.ru/watch/92006234?wmode=7&page-url=https%3A%2F%2F1wrcnz.top%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A1194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A736808800002%3Ahid%3A178057334%3Az%3A0%3Ai%3A20230223073037%3Aet%3A1677137438%3Ac%3A1%3Arn%3A305922831%3Arqn%3A1%3Au%3A1677137438210485216%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C261%2C112%2C0%2C322%2C0%2C%2C460%2C1%2C%2C%2C%2C1468%3Aco%3A0%3Ans%3A1677137434733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1677137438%3At%3A1win%20-%20Loading&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)

77.88.21.119

302 Found

275 B

URL HTTP/2
mc.yandex.ru/watch/92006234?wmode=7&page-url=https%3A%2F%2F1wrcnz.top%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A1194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A736808800002%3Ahid%3A178057334%3Az%3A0%3Ai%3A20230223073037%3Aet%3A1677137438%3Ac%3A1%3Arn%3A305922831%3Arqn%3A1%3Au%3A1677137438210485216%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C261%2C112%2C0%2C322%2C0%2C%2C460%2C1%2C%2C%2C%2C1468%3Aco%3A0%3Ans%3A1677137434733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1677137438%3At%3A1win%20-%20Loading&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
data
Size
275 B (275 bytes)
Hash
519022b7f9c99d78c402a12108d8ceea
6c1e0658190f5f674217e8578e062e34c1895619
655a365f72718d604810adbe5ef2f12e0f7598ee46105721d92095abf56b5d86

HTTP Headers

GET /watch/92006234?wmode=7&page-url=https%3A%2F%2F1wrcnz.top%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A1194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A736808800002%3Ahid%3A178057334%3Az%3A0%3Ai%3A20230223073037%3Aet%3A1677137438%3Ac%3A1%3Arn%3A305922831%3Arqn%3A1%3Au%3A1677137438210485216%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C261%2C112%2C0%2C322%2C0%2C%2C460%2C1%2C%2C%2C%2C1468%3Aco%3A0%3Ans%3A1677137434733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1677137438%3At%3A1win%20-%20Loading&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 302 Found
location: /watch/92006234/1?wmode=7&page-url=https%3A%2F%2F1wrcnz.top%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A1194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A736808800002%3Ahid%3A178057334%3Az%3A0%3Ai%3A20230223073037%3Aet%3A1677137438%3Ac%3A1%3Arn%3A305922831%3Arqn%3A1%3Au%3A1677137438210485216%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C261%2C112%2C0%2C322%2C0%2C%2C460%2C1%2C%2C%2C%2C1468%3Aco%3A0%3Ans%3A1677137434733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1677137438%3At%3A1win%20-%20Loading&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Thu, 23 Feb 2023 07:30:28 GMT
access-control-allow-origin: https://1wrcnz.top
set-cookie: yabs-sid=856678491677137428; Path=/; SameSite=None; Secure
i=HHCg1J3mdEVe1Pv0+YteYThacrVx6qAGBg54+TG1jISTUY5NDE4GNns83GarmGbygqvt9rzD/l8O87GmHQL43kWZW+s=; Expires=Sun, 20-Feb-2033 07:30:22 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=8038426811677137428; Expires=Fri, 23-Feb-2024 07:30:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8038426811677137428; Expires=Fri, 23-Feb-2024 07:30:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1708673428.yc.1677137428#1708673428.yrts.1677137428#1708673428.yrtsi.1677137428; Expires=Fri, 23-Feb-2024 07:30:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 23-Feb-2023 07:30:28 GMT
last-modified: Thu, 23-Feb-2023 07:30:28 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

api.amplitude.com/

35.83.236.67

200 OK

7 B

URL HTTP/2
api.amplitude.com/
IP
35.83.236.67:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

HTTP Headers

POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1099
Cross-Origin-Resource-Policy: cross-origin
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-63f71614-7d42492170237b155e58432b
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

1wrcnz.top/1.txt?1677137437676

190.115.24.78

200 OK

8 B

URL HTTP/2
1wrcnz.top/1.txt?1677137437676
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type
ASCII text
Size
8 B (8 bytes)
Hash
48cfef8b3001a8c220dc815870f9916e
b77e871e72a3083c4bb31d6bcb5a257557181269
3d2c759213949af96fbdcd756a5146f64a9acadf9625bd7a9feb04bb4517b4f9

HTTP Headers

GET /1.txt?1677137437676 HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/sw.db344b25.js
Connection: keep-alive
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80; amp_494ccc=0jLQyK9s7WVauTGSitWWN8...1gpuisnrh.1gpuiso6c.0.3.3; amplitude-device-id=23d207a2-2af7-4eba-9f41-19599a058d79; 1w_lang=en; _gcl_au=1.1.1846652071.1677137437; _ga_548949LWLW=GS1.1.1677137437.1.0.1677137437.0.0.0; _ga=GA1.1.585520935.1677137437; _hjSessionUser_2606090=eyJpZCI6IjAwYzBkNDQxLTcwNmYtNWZhMC04Mzg3LWIyMWYyMzZiZDM5YSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjYsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample_2606090=0; _hjSession_2606090=eyJpZCI6IjZiYzI3ZDcyLTg2YjItNDhjNy1iNDhlLTRlNjJiZjVjNDUwZSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjksImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=1; _hjHasCachedUserAttributes=true; _ym_uid=1677137438210485216; _ym_d=1677137438
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:15 GMT
content-type: text/plain
content-length: 8
last-modified: Wed, 22 Feb 2023 10:12:40 GMT
etag: "63f5ea98-8"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

1win-cdn.com/css/5616.80aa74eb.css

104.26.5.11

200 OK

2.9 kB

URL HTTP/2
1win-cdn.com/css/5616.80aa74eb.css
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (20616), with no line terminators
Size
2.9 kB (2905 bytes)
Hash
d999dc148234bbd64fb4abf9396c1c45
26eec0ce997b1610c168fb0436f97210e659708c
e9de330a51855e818aa5f61a0350375e815cf2166701256637239697795e56ff

HTTP Headers

GET /css/5616.80aa74eb.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
access-control-allow-origin: *
etag: W/"63a42a53-5088"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
cf-cache-status: HIT
age: 5434135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1f1VJRTEqX%2F8nF2nHUbvv1xWfAB8NSFDVyzoo3kccVeb8m3RgBOchMbFtPYO1u5Bbo4RyubTgvwp61aQClxVN8uoFDBYvOVW%2Fl%2F8StKAmqbLdBsN70kcMDgMU%2Bo4gA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a27fccb521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/img/present-with-light.bd57fb06-151.png

104.26.5.11

200 OK

6.7 kB

URL HTTP/2
1win-cdn.com/img/present-with-light.bd57fb06-151.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 151 x 161, 8-bit colormap, non-interlaced\012- data
Size
6.7 kB (6732 bytes)
Hash
6e2f4fff39b3a495fecefe5fee863c51
d358f1c8d7fe7298feea325c7ea6d145a3634026
4800fa860802fd0e46629776201afccd5adc1bf6b8b5a45a5e7c46d8d3b2a690

HTTP Headers

GET /img/present-with-light.bd57fb06-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 6732
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-1a4c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5434118
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvcfUwrtjdCZnWTpDM4Q3l0vA0BQ%2FbVhje3sxr0pLRuOSOXZy3mwsP7g%2F%2Fttk1gzeTDsL%2F4OL1zma0I85z%2F0wdykktqN%2BR5%2B9yCrE%2FiFMx4YfF1m5iWQzfefemudxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a76d82b521-OSL
X-Firefox-Spdy: h2

1wrcnz.top/img/logo/1w_logo.png

190.115.24.78

200 OK

4.8 kB

URL HTTP/2
1wrcnz.top/img/logo/1w_logo.png
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type
PNG image data, 323 x 164, 8-bit colormap, non-interlaced\012- data
Size
4.8 kB (4799 bytes)
Hash
e7d8fcc746006b1abde034aaaeee2e82
b97e142443e0ac2f4f76e48da17805cbfe5bba9b
f747b621f083b8057bc6cac94a48be972e710b5ff250c15aa7edda226d1a2e3a

HTTP Headers

GET /img/logo/1w_logo.png HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/bets/home
Connection: keep-alive
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80; amp_494ccc=0jLQyK9s7WVauTGSitWWN8...1gpuisnrh.1gpuiso6c.0.3.3; amplitude-device-id=23d207a2-2af7-4eba-9f41-19599a058d79; 1w_lang=en; _gcl_au=1.1.1846652071.1677137437; _ga_548949LWLW=GS1.1.1677137437.1.0.1677137437.0.0.0; _ga=GA1.1.585520935.1677137437; _hjSessionUser_2606090=eyJpZCI6IjAwYzBkNDQxLTcwNmYtNWZhMC04Mzg3LWIyMWYyMzZiZDM5YSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjYsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample_2606090=0; _hjSession_2606090=eyJpZCI6IjZiYzI3ZDcyLTg2YjItNDhjNy1iNDhlLTRlNjJiZjVjNDUwZSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjksImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=1; _hjHasCachedUserAttributes=true; _ym_uid=1677137438210485216; _ym_d=1677137438; 1w_locale=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:15 GMT
content-type: image/png
content-length: 4799
last-modified: Wed, 22 Feb 2023 10:12:40 GMT
etag: "63f5ea98-12bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
accept-ranges: bytes
X-Firefox-Spdy: h2

1wrcnz.top/common/title?path=bets&lang=en

190.115.24.78

200 OK

16 B

URL HTTP/2
1wrcnz.top/common/title?path=bets&lang=en
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

HTTP Headers

GET /common/title?path=bets&lang=en HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrcnz.top/
Connection: keep-alive
Cookie: visit_domain=1wrcnz.top; core-sticky=http://10.233.72.195:80; amp_494ccc=0jLQyK9s7WVauTGSitWWN8...1gpuisnrh.1gpuiso6c.0.3.3; amplitude-device-id=23d207a2-2af7-4eba-9f41-19599a058d79; 1w_lang=en; _gcl_au=1.1.1846652071.1677137437; _ga_548949LWLW=GS1.1.1677137437.1.0.1677137437.0.0.0; _ga=GA1.1.585520935.1677137437; _hjSessionUser_2606090=eyJpZCI6IjAwYzBkNDQxLTcwNmYtNWZhMC04Mzg3LWIyMWYyMzZiZDM5YSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjYsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample_2606090=0; _hjSession_2606090=eyJpZCI6IjZiYzI3ZDcyLTg2YjItNDhjNy1iNDhlLTRlNjJiZjVjNDUwZSIsImNyZWF0ZWQiOjE2NzcxMzc0MzcyNjksImluU2FtcGxlIjpmYWxzZX0=; _hjAbsoluteSessionInProgress=1; _hjHasCachedUserAttributes=true; _ym_uid=1677137438210485216; _ym_d=1677137438; 1w_locale=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:15 GMT
content-type: application/json; charset=utf-8
content-length: 16
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2

1win-cdn.com/img/best-bitcoin-casino.9c1716b1-50.png

104.26.5.11

200 OK

1.0 kB

URL HTTP/2
1win-cdn.com/img/best-bitcoin-casino.9c1716b1-50.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.0 kB (1035 bytes)
Hash
d17d9ae707b485a356eec325e36aa505
650fc9b7790343d87eacfa5f5466ecf659f3b9a7
5bca66d0040f92e3f15089ebc1f46687cf7bde68d46db0fb286113aaba9ac57f

HTTP Headers

GET /img/best-bitcoin-casino.9c1716b1-50.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 1035
last-modified: Wed, 21 Dec 2022 11:04:29 GMT
etag: "63a2e83d-40b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5502158
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K0jvgd4MZ6i5JopvKxQm%2FrTfDHefggdeoV%2FWL7yiueyvBg6SBqd6b5D%2F1%2Bk%2FWWvDAAk1tBt5ZH%2Brjb6kIqVV%2FFZ8c1NwPX3ZS%2BOW92eeW18DWpXdPExDp6kOw2Q75w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bddab521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/casinos-analyzer.896bc525-182.png

104.26.5.11

200 OK

2.0 kB

URL HTTP/2
1win-cdn.com/img/casinos-analyzer.896bc525-182.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 182 x 50, 8-bit colormap, non-interlaced\012- data
Size
2.0 kB (2047 bytes)
Hash
75b2e733b195a4dc9229efa156e5a67a
f1755917d01bb31e56ab6e68c16656f6ffa9c38a
58a6718ce885d0923e0c0cdf64b8017396068f6c4c7ebda40fe951221dfb7475

HTTP Headers

GET /img/casinos-analyzer.896bc525-182.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 2047
last-modified: Wed, 21 Dec 2022 11:04:29 GMT
etag: "63a2e83d-7ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5502158
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ij6ty9eB8XsPj7Fqa5tqSt6WY2P3s%2BkI9TuwCyWJc5bqGAB%2FvVpyHSSLCroSBxyrhEBFbZ8%2Bacw8KxVlPsFWDUk%2F4mWJR2faeCcRt7%2F3AAtm3zM9ALx3IHEnbKTj0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bddcb521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/casino-mentor.f6b6387a-172.png

104.26.5.11

200 OK

2.0 kB

URL HTTP/2
1win-cdn.com/img/casino-mentor.f6b6387a-172.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 172 x 50, 8-bit colormap, non-interlaced\012- data
Size
2.0 kB (1976 bytes)
Hash
1c8fa7ed406056b760b1171b49f8fd73
601643736f0c6bdce0531f5bc5252a96879d1ad1
c4ff5a6ee1315f5e5eeb287189912baaae7e032f178ccad3c575d6f8d99d4916

HTTP Headers

GET /img/casino-mentor.f6b6387a-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 1976
last-modified: Wed, 21 Dec 2022 11:04:29 GMT
etag: "63a2e83d-7b8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5502158
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lFKLZPOjucSpkC6by6g%2Bfqbt1%2BJ3EsfK7s8%2FnBdgxaWPL4z6UGxdJaVQmFz5G0XB2L8eY3fmF2r4pmcljqm23TcAeR5%2BJkbgurxzYrL%2FCIYmSv3%2FFhwHsURI5%2BVSFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bdd9b521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/cricket-betting-wali.1863d1d9-43.png

104.26.5.11

200 OK

2.5 kB

URL HTTP/2
1win-cdn.com/img/cricket-betting-wali.1863d1d9-43.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 43 x 50, 8-bit colormap, non-interlaced\012- data
Size
2.5 kB (2508 bytes)
Hash
f4d8e1bf9ee6fb80b23760cae020a174
008045648a3c542d9ffb296b9ab7f57dce550274
207d2b3d3be139912aef09fc9c5f794a8853c2c3526ab30a3603b8767d7cd07e

HTTP Headers

GET /img/cricket-betting-wali.1863d1d9-43.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 2508
last-modified: Wed, 21 Dec 2022 11:04:29 GMT
etag: "63a2e83d-9cc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5502158
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bPvh4M10gPCXUIoU3PZB5lW4xPqelOX0RLYkIqx5yuiz1GrPZv%2FNFpLjWMEFsd2RW4DkK48bac%2FRhc41FeEzNFIQtgp9dcxDTWfRKHvpOiVxb1YbUnqx9wT43u96tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bdddb521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/cricket-betting-guru.cfe7d426-500.png

104.26.5.11

200 OK

9.2 kB

URL HTTP/2
1win-cdn.com/img/cricket-betting-guru.cfe7d426-500.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 500 x 500, 8-bit colormap, non-interlaced\012- data
Size
9.2 kB (9249 bytes)
Hash
3c6da1041cc0873ff73533fd0e03f5a0
0666e13970c0698cf09ffafc9467ea705258c552
dfeed2cdb884b7769b5ee0fde60457b4b5380b7608c296b67e26c48dc1ca3f08

HTTP Headers

GET /img/cricket-betting-guru.cfe7d426-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 9249
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-2421"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5434118
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y1A5hiVob3yjF%2FviutRd4dHM9aB3dzpNYndP2nBJ0ltThRf5YrsTlIXIjkbSGw6eO%2BYUkoKvqb5IMAYqDUMzGORLh5zR9fVpm%2BwAvzFGBuFf3u9U84a1tgKy2mDZFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bde1b521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/free-money-link-image.4433e497-120.png

104.26.5.11

200 OK

6.3 kB

URL HTTP/2
1win-cdn.com/img/free-money-link-image.4433e497-120.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 120 x 97, 8-bit colormap, non-interlaced\012- data
Size
6.3 kB (6292 bytes)
Hash
8c77c77c33189721a876fefeadf5ca83
0b197aa9e55fe824b28e55b9e0591f8631b6c3c8
b2a4295182c1f7c9619a4d2f842be12f4cbc6c4bb8d2ea607f06ff3bc4099486

HTTP Headers

GET /img/free-money-link-image.4433e497-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 6292
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-1894"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432220
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=srG0wjDAcu9wgJthD6TGupvNlK6DYATpztr04oVaw1hRaU5O2ZMEyX%2F3geWulyZ%2B4JliRHxJJJruFk7MgaAKaGjfDk%2BVXIjQNAX8YP4%2Fl44xS1GN90WYId9VjWeUVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bde3b521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-roulette-frame@2.76ea5a24-256.png

104.26.5.11

200 OK

30 kB

URL HTTP/2
1win-cdn.com/img/sprite-roulette-frame@2.76ea5a24-256.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Size
30 kB (29770 bytes)
Hash
fa83f73358ed73cbd8a0faf0d8e6c019
586b95f1e5e1945abd0248e995f79274463c1cd8
ede3848497b96e7defd4c5d53133cf2e374487411186a66a6146191ae5692f77

HTTP Headers

GET /img/sprite-roulette-frame@2.76ea5a24-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 29770
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-744a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432219
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zJeJciWkGR5wYvm7j9sH%2Bw5TV6Vqzi7JeYQGO5VTe5Cnjk%2BDBuU5GxZqeQvyji4V5Reosm%2BJ%2FAvlSYaRo5wuJRWBfM1uzJ04802Y6B6kQKletuT7D%2Fm9wt4KbqgNNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdecb521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d-256.png

104.26.5.11

200 OK

4.5 kB

URL HTTP/2
1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d-256.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Size
4.5 kB (4458 bytes)
Hash
40212134fb58f842529fa66647f1b7d2
e6d355ea609129942cde7b9d47e587ae5cc8596c
c04666bc555dfa0fbd2b5da4984cb813b58eab772e1fa1efa2fd2e62c6d11f7b

HTTP Headers

GET /img/sprite-tvbet-frame@2.52cde99d-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 4458
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-116a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432220
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BckE2WJFmvcEMwS%2FbVGgO6nkJ0tmb9CkTKl%2BNFIBfMKTCQVQxgctBlo8Ykar4njiOWQdts%2BJ29eDZc0gefskfJ6OilTrNmOCGad2cA7RmpQGFjMpRavJKBsFVk1fGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cde9b521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-dice-frame@2.8e0d7067-256.png

104.26.5.11

200 OK

17 kB

URL HTTP/2
1win-cdn.com/img/sprite-dice-frame@2.8e0d7067-256.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Size
17 kB (17269 bytes)
Hash
b5469917695caf597285ce3e08c0e314
8d6b57a1590baf7531d688d5dde729ede7d02108
3353862bc343fe2f92faf7e59595d9aa80d2fbdc90c6677437daf3a9acd84b32

HTTP Headers

GET /img/sprite-dice-frame@2.8e0d7067-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 17269
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-4375"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432220
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XiU%2FY1IX5U2o6KLWhnaTjPtHKrIIyTlr2%2FUxQb39n7r9MaMDTvbCwwLCU7OvMDSQaWnNKgpZVgR0L5MeJKiQ4T9jRffHCrjRLKFNQPR39pLyqAp%2FbxmO%2FMju02XkiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf1b521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-tvbet@2.888adc8e-256.webp

104.26.5.11

200 OK

354 kB

URL HTTP/2
1win-cdn.com/img/sprite-tvbet@2.888adc8e-256.webp
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
354 kB (353842 bytes)
Hash
8df817e5ef0af5dc8279d3f20cae9bc3
12c85bcc74a48053c92f3f75ce3c14e1a19e46d3
61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee

HTTP Headers

GET /img/sprite-tvbet@2.888adc8e-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 353842
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-56632"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 4772
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=87hcvyHkosqKtwMTtLDsJkS4W7M2A4JL0xA2N1Q%2BYSvhjMaAWVBti98RceZATS4%2BJj%2B4gi8%2FyXGK3DH5NY0wRisizmgZ1duFfs9SKyJuzz3BL7IciMa2PO1uFs8h8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdebb521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-poker-frame@2.1caa31af-256.png

104.26.5.11

200 OK

10 kB

URL HTTP/2
1win-cdn.com/img/sprite-poker-frame@2.1caa31af-256.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Size
10 kB (10453 bytes)
Hash
74023900d89b98987ea3248f4a89a218
4ea53a2415cf89647c40a32c69b50bde861a40ed
484183c9f4d5b2d68649d3025af4d2b95a5cb71f40a1cf960d62e0e3560162ab

HTTP Headers

GET /img/sprite-poker-frame@2.1caa31af-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 10453
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: "63a42a53-28d5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432219
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aI8uk3GIJRfZOaUdKFiz5GnflC7M8dGDE48NTas8j9XNyNcD8pcUwSUANpv7TvP93%2BhK9FiCYxx%2BHTG1YPZvJ%2FqMf2ECql0lafSjc%2B2zB%2BmmQ1DXvmt%2Fj7ZRjO3rwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf7b521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_android_en.b229a444-690.png

104.26.5.11

200 OK

38 kB

URL HTTP/2
1win-cdn.com/img/pwa_android_en.b229a444-690.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced\012- data
Size
38 kB (37637 bytes)
Hash
8b6daeaca5784288934eb5c3dbc3401d
2df52222cb03510733d5f5c616278143e7f93f2d
53ee238e1169d7940016da0159e72a214403576447cf1b8cb384942a6200d191

HTTP Headers

GET /img/pwa_android_en.b229a444-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 37637
last-modified: Thu, 22 Dec 2022 11:20:11 GMT
etag: "63a43d6b-9305"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5427890
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dPLAWufZnXdJ76gAMxc7LerZObYND9JO6RToSICEWBkfRaw8bkSzXJYY9GJCVeA7hmj7agtvv9ZXXdwlhX4XeqgdFNWipyw2Zu6bQ5IT6jQnbCooPVJhShmasIyF9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf9b521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/home-poker-banner-bg.87d81897-600.webp

104.26.5.11

200 OK

12 kB

URL HTTP/2
1win-cdn.com/img/home-poker-banner-bg.87d81897-600.webp
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
12 kB (11812 bytes)
Hash
d42d6b091c917baad89cc62f34b1ef8d
6915e60ae50f4b00af5083ce1217a7dab04df42d
9ac95cc43cf590f1f9a5dd85b5b0bf04d98e38d3005b6e4b436f8c04d09a66e9

HTTP Headers

GET /img/home-poker-banner-bg.87d81897-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 11812
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-2e24"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 6778
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o52CVBxOAa9GCkjb%2BRz0kYVmo8YmbOi7aMDfDmquDU9S6a74lFwns89Kg8P2oYX1tCPh1CK84iYna7y%2FA7CR8UIip0Hp5wH59rPjjBs9M4YLRZ25ZrIjyxLBmtNp%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7ddfdb521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_ios_en.f08ddb1e-690.png

104.26.5.11

200 OK

39 kB

URL HTTP/2
1win-cdn.com/img/pwa_ios_en.f08ddb1e-690.png
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced\012- data
Size
39 kB (39066 bytes)
Hash
2b063a8e2fb87b84cbf377d7a7fd389e
5c12f02ca086902c7fd9a5bd5de9eabce82c22a1
aa8f787e4db589a38a5c5a56bdb03f69329bfedc64649454f9fd370b78820b49

HTTP Headers

GET /img/pwa_ios_en.f08ddb1e-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/png
content-length: 39066
last-modified: Thu, 22 Dec 2022 11:20:11 GMT
etag: "63a43d6b-989a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5427889
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3hfuzEbhOJdwSJOuPRuqcM9kqESylytcubBM5egGCWQzwM63NldNRMLcmZS7Y8pkMxQCpkHkYJdqHW41rkdjo9CjgcuY2TnCHD%2FnLwHAWi%2BkFawDcWjFagun%2F0lyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7de00b521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-roulette@2.25507485-256.webp

104.26.5.11

200 OK

720 kB

URL HTTP/2
1win-cdn.com/img/sprite-roulette@2.25507485-256.webp
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
720 kB (719644 bytes)
Hash
344d71695bd0f387fedd84fba6ace2c1
1d37e2d66ab1098072febc0a0dc3769d44090048
7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003

HTTP Headers

GET /img/sprite-roulette@2.25507485-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 719644
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-afb1c"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 6778
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2IEgJWF4YnpfyJHrpNH96LsQF7L3Ju63LGPADyCOlur%2BbsLGkGl05h7sr8Wc%2BSXaEdI2xC056iDsmF4zNyuUV%2BW%2F4vrch9LNOlCJCYy4UUNghQZ9lPMoc8RM08mvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdefb521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-dice@2.6e1ac0ed-256.webp

104.26.5.11

200 OK

430 kB

URL HTTP/2
1win-cdn.com/img/sprite-dice@2.6e1ac0ed-256.webp
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
430 kB (429680 bytes)
Hash
abaa6833958bdc5427e6fa573cbfa70a
d43989916cc382e4e3d983933d9cd52a7d1dbeb2
51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92

HTTP Headers

GET /img/sprite-dice@2.6e1ac0ed-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 429680
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-68e70"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 6778
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PWD9YjsjHFzbQZfuwtAbLgfWi7OtJJQvgbw6fiHS8YRWlfQEPoIWZI7liwmD8VCJDSNnl7q9Hcku9Mnz7vmaFVPYqBHjg%2BmqVnHEbgRyvyCPjs6LsBLGr%2BGWtAz7BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf4b521-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-poker@2.a38733e7-256.webp

104.26.5.11

200 OK

361 kB

URL HTTP/2
1win-cdn.com/img/sprite-poker@2.a38733e7-256.webp
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
361 kB (360930 bytes)
Hash
3da44652926631bc4fc847cfcbad6c71
a5f7955272162e543d5db897e200d00d3af22b22
354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a

HTTP Headers

GET /img/sprite-poker@2.a38733e7-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/webp
content-length: 360930
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-581e2"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 6778
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rK%2FszHx7f4cSHI%2FpOUTXRXrHGp7ZWSso3RercnMHysoESORmyVIqUS1ydSO%2FfyeAeW2fPkhkzpsJd00WvqhqgWkZtzteFASDBqjPx2oT%2FnqRZx2BiYbneHMTWvZTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cdf8b521-OSL
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-cashback-casino.png@avif

104.26.5.11

200 OK

7.9 kB

URL HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-cashback-casino.png@avif
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image\012- data
Size
7.9 kB (7940 bytes)
Hash
f86f39dc44e8f92cc5658a394e833352
54093f2e69f448e122e771ec7c63d3cce35ffbdf
3fded209043aa6ec28cdff6321cff18c41238215a062dc02fab1af3915c637fe

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-cashback-casino.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/avif
content-length: 7940
cache-control: public, max-age=604800
content-disposition: inline; filename="bonus-banner-cashback-casino.avif"
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjYxYTRlY2U4LTYzNWI4Ig"
expires: Fri, 24 Feb 2023 20:03:56 GMT
x-request-id: qdjXGVU6ABNNu9DaVfOre
x-cache-status: HIT
cf-cache-status: HIT
age: 441603
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6%2BNsvnGcXk41nF0eC7Go8Rs2i81UMwEWCiT8UaDViDEOVsPmrG4X5jZcy7VGdS5b2tdUPyr5YlRprngAV6Bfak4ShXruBa0zEDjF7iYBZaxu1QiOQ9LylYwhLapJgTv0Trbe9yXCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a81e5ab521-OSL
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif

104.26.5.11

200 OK

4.3 kB

URL HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image\012- data
Size
4.3 kB (4323 bytes)
Hash
22a160f55908549771f823852d5eaeea
267d86356fc72824681f08d9fd1207b77530c08d
bb19dc50ecc9dd60ce8760b73843ce465df86b78a76de6a924c813fc770a2f23

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/avif
content-length: 4323
cache-control: public, max-age=604800
content-disposition: inline; filename="bonus-banner-deposit.avif"
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjYxYTRlY2UwLTU0YWIyIg"
expires: Fri, 24 Feb 2023 20:03:56 GMT
x-request-id: k_UiPjjC7eUn-KF9U943Q
x-cache-status: HIT
cf-cache-status: HIT
age: 150434
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aiWWW%2Fo79gsP2HYcv1P9lZ%2F1g6Z%2FvnhtlZTzAezAOa26Ag9KMNV77NCmqzYzvTtwPNh3jsoDLJ%2BJBqFf%2FRN0J%2FZ1tUtMw4szK73AJM1c0piuTSK65%2BJWddESS8MbK71Z71VSJ2iqWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a83e7eb521-OSL
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2 B

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=ccfc3a7afaf3bea5; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2 B

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=34ef6545137c396b; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2 B

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=354749fb4b21f999; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2 B

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=7d82a5442138bb2; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2 B

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=8b4c1a5e1c326075; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2 B

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=f5992271f47acd88; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2 B

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=dd3a264ee44979d7; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2 B

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=8dc2a9b990732965; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2.7 kB

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (43897), with no line terminators
Size
2.7 kB (2705 bytes)
Hash
2f0d65832b38510812c17e643451d78e
5ca72f36ae8f1c28aaa52ec83e138a063c56c33d
a36a74165ce3cea1fa85f48e7cb83c5a058f53f4b820e478e2b478596e3a4c99

HTTP Headers

POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 71
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"a91-XKcvNq6PHCiqpS7IPhOKBjxWwz0"
set-cookie: core-sticky=c44be665c5d4d5a8; Path=/; HttpOnly
x-powered-by: Express
content-length: 2705
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

3.4 kB

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JSON data\012- , ASCII text, with very long lines (17749), with no line terminators
Size
3.4 kB (3362 bytes)
Hash
b1da0f55def6bae6eca720e54c5b8a1d
206692db7f4b3e76399da513e790f6fa7b18633b
2fbed773e4d7a4e04c956ed38b8f2f667b452cb4b6add9df05e91463314c5af5

HTTP Headers

POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 88
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"d22-IGaS239LPnY5naUT55D2+nsYYzs"
set-cookie: core-sticky=1eeac66bc30bb187; Path=/; HttpOnly
x-powered-by: Express
content-length: 3362
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

2.7 kB

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (43897), with no line terminators
Size
2.7 kB (2705 bytes)
Hash
2f0d65832b38510812c17e643451d78e
5ca72f36ae8f1c28aaa52ec83e138a063c56c33d
a36a74165ce3cea1fa85f48e7cb83c5a058f53f4b820e478e2b478596e3a4c99

HTTP Headers

POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 71
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"a91-XKcvNq6PHCiqpS7IPhOKBjxWwz0"
set-cookie: core-sticky=9a930a5d21d7f8a7; Path=/; HttpOnly
x-powered-by: Express
content-length: 2705
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

3.4 kB

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JSON data\012- , ASCII text, with very long lines (17749), with no line terminators
Size
3.4 kB (3362 bytes)
Hash
b1da0f55def6bae6eca720e54c5b8a1d
206692db7f4b3e76399da513e790f6fa7b18633b
2fbed773e4d7a4e04c956ed38b8f2f667b452cb4b6add9df05e91463314c5af5

HTTP Headers

POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 101
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"d22-IGaS239LPnY5naUT55D2+nsYYzs"
set-cookie: core-sticky=a4d32a3c17245593; Path=/; HttpOnly
x-powered-by: Express
content-length: 3362
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

50 kB

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
50 kB (50449 bytes)
Hash
47d16dd88693ec6c4125c739a947590f
def4715cdaa272050e43a50f1a7b211037b19049
659d4dc350a12fcd1379d308769e3ee5b4d2df77be300b47cc7b5abd5e91c8a5

HTTP Headers

POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 80
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"c511-3vRxXNqicgUOQ6UPGnshEDexkEk"
set-cookie: core-sticky=9baefe6ecc4dc6c5; Path=/; HttpOnly
x-powered-by: Express
content-length: 50449
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-social.11d06b0b.js

104.26.5.11

200 OK

45 kB

URL HTTP/2
1win-cdn.com/js/icons-pack-social.11d06b0b.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (20091), with no line terminators
Size
45 kB (44696 bytes)
Hash
6554385ae7c27cd06be96966eb40f44e
df0890e3c3a94a988251735cab5c00dff98b393f
ae236837a919689e95d1f3e7ec9e46e8d588eee7ffe127a0cb92e8e0deb6f3de

HTTP Headers

GET /js/icons-pack-social.11d06b0b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=20146
access-control-allow-origin: *
etag: W/"63f343d8-4eb2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250321
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4NY%2Fg8SOvoq1knevz7Olp%2BqYxP1XCqoEY%2Bq2KvJR1%2FIWNq0cnghIWxwwespd0RRGgJQUGHWADUUOuAtO%2FdRTouiVSSYOo5AE2TJQOEEMw3%2BSzIvVvuX6SDbl5v%2Fuvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a8cf29b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/fonts/SFNSDisplay.2b5dc965.woff2

104.26.5.11

200 OK

295 kB

URL HTTP/2
1win-cdn.com/fonts/SFNSDisplay.2b5dc965.woff2
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 295048, version 1.0\012- data
Size
295 kB (295048 bytes)
Hash
a54910c24518869ec095d604c76adb74
cd8ed32dd18b7f672bf502847242b0a9eee4c2c8
efdc0e9caf5e1b3f650e8ecd022ecd000bb070e1b0cf359eeb228603c325384b

HTTP Headers

GET /fonts/SFNSDisplay.2b5dc965.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1win-cdn.com/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/octet-stream
content-length: 295048
last-modified: Wed, 22 Feb 2023 10:11:58 GMT
etag: "63f5ea6e-48088"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ujlp8GzmBO5dupx6kf0KoDquqpRcMxZ%2FJB0B%2FEK1ylKGFVSEq8jFLyWmyKpFsEQIxOO2RDZWNqZkg6FwwyjpPKctyT7lx5v8QrwRyn%2Fn%2FWA4Sd%2BuVydT8cPYE3NJzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7cb4ab500-OSL
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

39 kB

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
39 kB (38695 bytes)
Hash
2e5fcd1f0e4e683c4fe0589b1ba4e559
2daaaf2a2205268b4d386b4d764cbafa5efa0127
c99ec2ba9e1903f17c880145614e69c70648db2ab71d91e9562826a7e982e70a

HTTP Headers

POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 85
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:29 GMT
etag: W/"9727-LaqvKiIFJotNOGtNdky6+l76ASc"
set-cookie: core-sticky=e92dc62ddb0844c3; Path=/; HttpOnly
x-powered-by: Express
content-length: 38695
X-Firefox-Spdy: h2

1win.direct/microservice/ask

134.122.54.186

200 OK

50 kB

URL HTTP/2
1win.direct/microservice/ask
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
50 kB (50449 bytes)
Hash
47d16dd88693ec6c4125c739a947590f
def4715cdaa272050e43a50f1a7b211037b19049
659d4dc350a12fcd1379d308769e3ee5b4d2df77be300b47cc7b5abd5e91c8a5

HTTP Headers

POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 67
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wrcnz.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 23 Feb 2023 07:30:30 GMT
etag: W/"c511-3vRxXNqicgUOQ6UPGnshEDexkEk"
set-cookie: core-sticky=896172513760bb74; Path=/; HttpOnly
x-powered-by: Express
content-length: 50449
X-Firefox-Spdy: h2

api.amplitude.com/

35.83.236.67

200 OK

7 B

URL HTTP/2
api.amplitude.com/
IP
35.83.236.67:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

HTTP Headers

POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2065
Cross-Origin-Resource-Policy: cross-origin
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:30 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-63f71616-4a189cc40ca73dd815b7c75e
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main

104.26.5.11

200 OK

2.1 kB

URL HTTP/2
1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with very long lines (3937), with no line terminators
Size
2.1 kB (2088 bytes)
Hash
8282773b0ed9451cee6932d923bb5139
62877199fabd763c080a5d3607aa24ddc6297b21
a8841b9b87ca59f6c1cc5846e5ac3e800d0847a24975b96a22e9d89a3d3a6d22

HTTP Headers

GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1wrcnz.top
vary: Origin
x-frame-options: DENY
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LbW0R0MNvqPsu4Wn4AsfTeIHXSDiUEJCyZwsRDdkqbeEB4hnjwJX34T%2B8KQAdc3%2F7ppzhZGYFbtE0Q0Uf3Y78w4ee%2F6AWx3bczKaEAbmZYpgB38hpvK05T9sch1rNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79de41a7cb59b500-OSL
content-encoding: br
X-Firefox-Spdy: h2

ps250.1win-service.com/push-server-v2/?Language=en&snapshot_time=1677137436651&shouldCompress=true&EIO=3&transport=websocket

172.67.209.1

101 Switching Protocols

0 B

URL HTTP/1.1
ps250.1win-service.com/push-server-v2/?Language=en&snapshot_time=1677137436651&shouldCompress=true&EIO=3&transport=websocket
IP
172.67.209.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /push-server-v2/?Language=en&snapshot_time=1677137436651&shouldCompress=true&EIO=3&transport=websocket HTTP/1.1
Host: ps250.1win-service.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wrcnz.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Wqj5TB9md3b2bc4qySmJbA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Thu, 23 Feb 2023 07:30:32 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: 2y6f6SZ9tqISFY0g+clCgwVJ6+c=
sec-websocket-extensions: permessage-deflate
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSKnLtBc%2BjFny5KVif0Gn%2B9HWU23LX07kZw7yISV8Sv8UhVL1%2Bl%2FWS79DTrZnHb2DpDHeOWJbpFZi3qiXqsLymnUQiX9xXQxdUrT1xWKK9RUrR8Bx%2FtNOwvjbR9Id%2FI4Z0UnIkbhCsHE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79de41b90f81b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

ocsp.pki.goog/s/gts1p5/bD9xEdP9SoU

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/bD9xEdP9SoU
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2ab72ca8d633e7df4aa232f626282e38
509af593368ed576ed0af971b3ca177aad965b92
6f5b4e6f868d40ae901ea61d7691bcbcd691fbbce6ffa10866bcb275cb8c9245

HTTP Headers

POST /s/gts1p5/bD9xEdP9SoU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 07:30:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1win-cdn.com/img/fire.47bc0337.svg

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/img/fire.47bc0337.svg
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/fire.47bc0337.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/svg+xml
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: W/"63a42a53-244"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5432219
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afFBOW8r6mgEm2E3at88bqXZ5nosCPdoJ%2B5IWR6u0Z7rfd%2FxpsFxSF3Q26Dtqbo15J7z2v8exMqRne3h22GSxC7XZH9NHi1kb6YTHCnSpFkZnuIBln4COAOsHs5XYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7add2b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/js/1705.d306728f.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/1705.d306728f.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/1705.d306728f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=29313
access-control-allow-origin: *
etag: W/"63f343d8-7281"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250337
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=snkjcD6EhWnBrb5G9Wk9XJKy4mTSoSUTx8BBib4kp3AeSdGzR82M9Ge2i609h4OkNnFObFQFZMsPcyQmjCFr1u9%2FWWIR4iZud7oUovX2ERFkKKTh77WQ9i0sayEiDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198ed3db521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-sports-promotion.9bb32256.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/icons-pack-sports-promotion.9bb32256.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/icons-pack-sports-promotion.9bb32256.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=19260
access-control-allow-origin: *
etag: W/"63f343d8-4b3c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aED7VKUfD7IEdKMIjZyENmKq65%2FipE1PndgCE5KL%2F0BCWXMkvqKBW532mcsgbEBdzxiLLBuMDNrtQrBGyGMU5n6i2Pk3ffEsq0mv6yn3inLVlH%2Fdw5JyS2lK0qJ07w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7add4b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:30 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1wrcnz.top
vary: Origin
x-frame-options: DENY
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7d120%2FPcsB8J%2FDFlx5O%2B1pd6445K29VvWlD7pdiQXU0xSXhqz3kB3kkyy4wOExiYjhuoz2O8tReM%2FgEl9y%2BW1wLx9IShgn9Jasx9DGETsr%2BjKk9qj6IjpkVsDZM7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79de41a8cca4b500-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/js/desktop.aa1ef28f.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/desktop.aa1ef28f.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/desktop.aa1ef28f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:26 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=120067
access-control-allow-origin: *
etag: W/"63f5d9e5-1d503"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 22 Feb 2023 09:01:25 GMT
cf-cache-status: HIT
age: 80602
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OtUpancxWEdi7H4CKXzf123VGGN13nPhFYoWPzVnVtLJZu6EoyQ9%2By7qZl%2Fxw62jyAXH1MzWb%2Bwct93yAIolvpEEhcyfXY4euL4f8unXIBz7mc1fnK29Ubr0ws%2FkDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195e969b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/js/chunk-vendors.e69609d4.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/chunk-vendors.e69609d4.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/chunk-vendors.e69609d4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Feb 2023 10:11:57 GMT
etag: W/"63f5ea6d-6851e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HrMWJ9DVHVNJ62tCeVyrmb1fwJDb%2FUJioDBBzGmL4aqCMeOn2ui5zRRGvBsd66pSDh4Hw4YqIspO3KQ0Vbc4zw7slZWINMRvmvYlGKPOMTwgZkjF%2BygKkDZ3J36Zqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195cd1db500-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/img/flags/en.svg

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/img/flags/en.svg
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 10:56:34 GMT
etag: W/"63ce67e2-8ae"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2665019
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EXUv7uyZZHixULwmItkwlef3XJjEsjXO6oXBTSCyybnto%2FRvTc15le8Jz%2FKjA6%2BE781g5HzBGFDymNO3PxMGGJnmeqVV9Xu3fr19Aa%2F4T%2BpKd%2BRXUhDykx10MezmLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7adcbb521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1wrcnz.top/sw.db344b25.js

190.115.24.78

200 OK

0 B

URL HTTP/2
1wrcnz.top/sw.db344b25.js
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.db344b25.js HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:13 GMT
content-type: application/javascript
last-modified: Wed, 22 Feb 2023 10:12:40 GMT
etag: W/"63f5ea98-18bf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/9670.f36427a1.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/9670.f36427a1.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/9670.f36427a1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=612256
access-control-allow-origin: *
etag: W/"63f5ea6d-957a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 22 Feb 2023 10:11:57 GMT
cf-cache-status: HIT
age: 76372
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CcHhS4bATGZtLAUgqnpoc2vGrBdUyLCRg2lKDIGv1pyeN0v9YwzCGQ3jfiqeYTpj3di%2BwlxHQYebkrTiElqiOTpLrz03EOSUHg4SBMYlPdq%2FrxEE2mGtiTomSg03EQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4198ed41b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

api.lab.amplitude.com/sdk/vardata

151.101.194.132

200 OK

0 B

URL HTTP/2
api.lab.amplitude.com/sdk/vardata
IP
151.101.194.132:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

OPTIONS /sdk/vardata HTTP/1.1
Host: api.lab.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,x-amp-exp-user
Referer: https://1wrcnz.top/
Origin: https://1wrcnz.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://1wrcnz.top
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,POST,HEAD
access-control-allow-headers: authorization,x-amp-exp-user
x-amzn-trace-id: Root=1-63f71613-665fffac49e0eb300572e62f
x-content-type-options: nosniff
accept-ranges: bytes
date: Thu, 23 Feb 2023 07:30:28 GMT
x-served-by: cache-bma1648-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1677137428.892014,VS0,VE171
vary: Origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

1win-cdn.com/css/3998.93747433.css

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/css/3998.93747433.css
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/3998.93747433.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=68681
access-control-allow-origin: *
etag: W/"63eb7496-10c49"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 14 Feb 2023 11:46:30 GMT
cf-cache-status: HIT
age: 760154
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JZId4YwN0k2rP7Rghb0bgfFrZKun6LfBNiC2EgGQkBgSGYWQebhroWocpEgHAYTnHGnORjRv63R%2BY6hiPwHc26iFP12GArnOhEUJ4lj%2BqsXiPe2g65fjqsoaARm1CQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a28fd9b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/js/836.63a0cc43.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/836.63a0cc43.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/836.63a0cc43.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=22631
access-control-allow-origin: *
etag: W/"63f5d9e5-5867"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 22 Feb 2023 09:01:25 GMT
cf-cache-status: HIT
age: 80600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7R2ph2soh5mqUX9xqypXb%2F%2FP%2FN4cX7Gfcoh%2BCW0dXInJvzlTaJa69azmVEOmucCtQHcRn9qr3xWdtwK7W8PFv6oOrTYq2rS3Jwc3%2Bfo7x7eNC8cD4J1OnXURWLwOpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a28fe1b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/img/aviator-game-logo.2fb50dc0.svg

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/img/aviator-game-logo.2fb50dc0.svg
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/aviator-game-logo.2fb50dc0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: image/svg+xml
last-modified: Thu, 22 Dec 2022 09:58:43 GMT
etag: W/"63a42a53-bfa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5434117
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7nGqK7BFFJm%2BaKGZQ64QVZ2T4N4LyNSd4HiF7%2BH3lFiPs2uzXrxs9vPzcQSUho1weqUbI6Uz5EpRYPqtrJYAcKko3FBMWNu6xALouXS2sKVXYyvsv2bDLh9sAyNLUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7adcdb521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-payment-full.6272cc58.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/icons-pack-payment-full.6272cc58.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/icons-pack-payment-full.6272cc58.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=112398
access-control-allow-origin: *
etag: W/"63f343d9-1b70e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:41 GMT
cf-cache-status: HIT
age: 250331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZvTLXNQoS0HS1AKh7nq3F44NT4P4ou1rlretbYbJxXRadImZlv4kD%2FkMURfWbYG2HyH7qAOhzLuq4QmK1uygW1JeWNz6AiiF5NcFM8Pz8MetL2kCWqwQ9TfxZtjvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7bdd6b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1wrcnz.top/

190.115.24.78

200 OK

0 B

URL HTTP/2
1wrcnz.top/
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.

File type

Size
0 B (0 bytes)
Hash

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: 1wrcnz.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Thu, 23 Feb 2023 07:31:12 GMT
content-type: text/html; charset=utf-8
x-frame-options: DENY
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/chunk-common.4ca56327.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/chunk-common.4ca56327.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/chunk-common.4ca56327.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrcnz.top
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Feb 2023 10:11:57 GMT
etag: W/"63f5ea6d-41ab"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCzxOfSHzse%2B7nazmbwLyesrSWeTgj%2BCkLzglb7vhDihqs6%2Bap2krIlO9qrsFrGK13ASDFpbLnLA%2BJrpBUl2UyvGDniFLLItHr9QKUbFbpBg4vk16ZKm8vxr41V9kg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de4195cd1ab500-OSL
content-encoding: br
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1677012027435&_since=%221666483264567%22

35.241.9.150

200 OK

0 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1677012027435&_since=%221666483264567%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1677012027435&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 59855
via: 1.1 google
date: Thu, 23 Feb 2023 06:38:22 GMT
age: 3126
last-modified: Tue, 21 Feb 2023 20:40:27 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

1win-cdn.com/js/1883.ce7803cd.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/1883.ce7803cd.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/1883.ce7803cd.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=13732
access-control-allow-origin: *
etag: W/"63f343d9-35a4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:41 GMT
cf-cache-status: HIT
age: 250334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FF%2FiUBCySqtt1vUuqanKY%2B94kQkM9dnP8B8kgOsylRVSgKplqDPcNINDLnV8b%2BKkX9bp%2Fn2lSHfp71onrrmWqMY6p%2Foxl53%2BVTWyVQF2Fs9Twta1moxdAsLynWtp0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a28fd7b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

1win-cdn.com/css/8629.f10717d0.css

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/css/8629.f10717d0.css
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/8629.f10717d0.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:28 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
access-control-allow-origin: *
etag: W/"63eb7496-2bb4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 14 Feb 2023 11:46:30 GMT
cf-cache-status: HIT
age: 760154
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2BlNtZ5Ii5Gpn2yRkZFRPEa%2B4NtK60ameOLI8m%2FALTZF49fxA1trKii0yRbOcQrKYHDbL1i00QRUK8A2rtwMLSjCK5ez1k1SOAP3t0woVH8dOr0jed34D4iG9mUWyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a28fe6b521-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.hotjar.com/c/hotjar-2606090.js?sv=6

54.230.111.66

200 OK

0 B

URL HTTP/2
static.hotjar.com/c/hotjar-2606090.js?sv=6
IP
54.230.111.66:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /c/hotjar-2606090.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wrcnz.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Thu, 23 Feb 2023 07:29:52 GMT
cache-control: max-age=60
etag: W/853b8e050a3948a6422c02bd57be067c
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -r1rs8-6Biv22-ohPgVuHerNIdWFSGf2WLglPe_sL3aTMZ0yl3IQDA==
age: 36
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-home.e8bf03cf.js

104.26.5.11

200 OK

0 B

URL HTTP/2
1win-cdn.com/js/icons-pack-home.e8bf03cf.js
IP
104.26.5.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/icons-pack-home.e8bf03cf.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wrcnz.top/
Connection: keep-alive
TE: trailers

HTTP/2 200 OK
date: Thu, 23 Feb 2023 07:30:29 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=80069
access-control-allow-origin: *
etag: W/"63f343d8-138c5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 20 Feb 2023 09:56:40 GMT
cf-cache-status: HIT
age: 250331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s26P1PKrZnOv5VgOh7RLVfXpDv%2FuaSbZFco4HgnvyfQ6ZqqeBOECdbMqoWucev68conibNGWnaGJ%2FBslmPdZs8HF%2FhI8MJgk94F%2BwMvlKVG499%2ByRXgpt8KmFWt4DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79de41a7adceb521-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (36)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML