Report - 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8

Report Overview

Visited public
2025-07-13 20:47:01
Tags
Submit Tags
URL
1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Finishing URL
1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid=%7Bsub1%7D&payout=%7Bamount%7D&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
IP / ASN
104.21.27.37
#13335 CLOUDFLARENET
Title
1win

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
1wqzrh.xyz	unknown	2025-04-14	2025-04-19	2025-06-27	18 kB	1.3 MB	188.114.96.1
1wfzws.life	unknown	2025-06-16	2025-06-27	2025-07-13	1.4 kB	60 kB	186.2.162.102
routerpp.life	unknown	2025-04-29	2025-05-02	2025-07-12	1.1 kB	2.2 kB	154.197.121.200

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-13	medium	1wqzrh.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	138 B	2023-04-13	2025-07-21
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 00:16 Last Seen2025-07-21 08:17 Times Seen1513 Hash 6900701ff959494d30437499abeb8885 7cb4c820fbf30caa6b50d6c2dc4aa7c0c4b644d8 3be52a71ee1e4d668cceef779a9942298cef4d68e03183d10681c4aa945c83f5 Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	138 B	2023-05-05	2025-07-20
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2023-05-05 08:00 Last Seen2025-07-20 08:36 Times Seen144 Hash fbdb85a14b4867948da0eb33261859ef 03782f8357f95f9b4e1b669ce3ac9e8b24c5bfb8 93688ffd3bdd4665c61b9d4a16d57766a1786fffbab8b4c3afa718903d4e3bc1 Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	140 B	2023-04-15	2025-07-21
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2023-04-15 19:29 Last Seen2025-07-21 06:31 Times Seen799 Hash 617d5b8a19009ac018d52e4da473494f 0c43d2c3d1b3b8dfcf072591f205e4b2d2c605d9 31301f431c4ac94b7e3a838177d9608f28f641c7472b85a36f51bad84dd1187d Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	163 B	2025-05-23	2025-07-13
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2025-05-23 04:48 Last Seen2025-07-13 20:47 Times Seen4 Hash 3d2218df801fb91a882503215e466c09 301b245571f5207e38b5bffda982b6b157b7e98a c9c603d973c91f80e391012fa1c503972272d6ac9992766576090366ba84cb0c Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	138 B	2023-04-14	2025-07-21
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 14:41 Last Seen2025-07-21 09:47 Times Seen677 Hash f325222a758aeaf467ffd9902267b129 ebb95b3866ab29d0ee9bb0755384b81ab12e000e cb11ef6823d7949b57e01ab9d6bb5c829be6b14322aa0dd5897a6d2d209d0672 Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	140 B	2023-04-15	2025-07-21
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2023-04-15 19:29 Last Seen2025-07-21 06:31 Times Seen799 Hash 617d5b8a19009ac018d52e4da473494f 0c43d2c3d1b3b8dfcf072591f205e4b2d2c605d9 31301f431c4ac94b7e3a838177d9608f28f641c7472b85a36f51bad84dd1187d Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	140 B	2023-06-05	2025-07-20
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2023-06-05 11:50 Last Seen2025-07-20 10:25 Times Seen603 Hash e29cc4b739166fb0de3dd3960891cf94 32bf92595a210346b3fa579ce87df4987f109d95 d3b8857aaf83eedf7762ae5079cebc09d4924e13766d06fd68dbb746634f95e3 Loading...

	1wqzrh.xyz/afh.js	ScriptElement	46 kB	2025-07-12	2025-07-18
Pretty URL 1wqzrh.xyz/afh.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-12 01:13 Last Seen2025-07-18 10:26 Times Seen19 Hash 6994e0898b10afe1375b7ac9ced3cd19 a73b23d0315dd5cb909969015efea6da0b2ab412 8c2883b9824b1fdd8816bd019478e1e32966c6ca669c6a6344f00182076d8eaa Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	142 B	2025-05-23	2025-07-13
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2025-05-23 04:48 Last Seen2025-07-13 20:47 Times Seen4 Hash 25f781358ee1a9d40bbbc8c745789560 83eff4861616124388e6f367be53c70561676b72 3c6d572c13f1d224456adf8c4eb512c98fb6268f8fb87182f6de449795c391fe Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	167 B	2025-05-23	2025-07-13
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2025-05-23 04:48 Last Seen2025-07-13 20:47 Times Seen4 Hash ade2f4501ac95a8835af0ba323204bc7 a1f5fbd49648cfc7be39c799da84861d78bc063a 84d64164ce431d0d2cb1757d7e74bcbf767daa6d4c8f75b4de4ac0745556ab46 Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	148 B	2025-05-23	2025-07-13
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2025-05-23 04:48 Last Seen2025-07-13 20:47 Times Seen4 Hash 1e6404944322a1a18c58bde7d7f5d132 d10b9e71c0b2e518fe2d11e6922481e5326251c0 0e8cb037344c665221e65525a7855ae0a6bd0419ff9149a672afc51a3ff76ab4 Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	163 B	2024-08-21	2025-07-16
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2024-08-21 15:31 Last Seen2025-07-16 07:00 Times Seen83 Hash 9b0a95e9b91cd29febcb59a3be2ebf17 0462b8740482109e9ff514327b9d91bfa01de755 85736de4d2be6f8c37a7631e7f78085af72b19910f398c7e554e793292caa523 Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-JdHTgj18.js	ScriptElement	317 kB	2025-05-23	2025-07-13
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-JdHTgj18.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-23 04:48 Last Seen2025-07-13 20:47 Times Seen4 Hash 1b251371e4232fc4ab4a3df188feb3b1 baf83e380bff51801ffa674556855de4642f6801 fc5f5bcf3beb8d071477cb3b8ef7fc37566d0549fe05278962b9938d459e86bf Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	165 B	2025-05-23	2025-07-13
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2025-05-23 04:48 Last Seen2025-07-13 20:47 Times Seen4 Hash 04907301af1e41757ca4f1fd7b6a530e c763834df059eb773f71a23e546b6245c3c2a594 a64ac9b0b1d3fa295d3f1d1a13fc168ce321758e445b38dae62a1809f2dd6c29 Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	149 B	2025-05-23	2025-07-13
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2025-05-23 04:48 Last Seen2025-07-13 20:47 Times Seen4 Hash 8f68debeb7075f530e01f01b9d0fe9a4 3c90b8c4b405006aecf4a292cfa7a72743b92c23 0c041ed8fa2b9ca0d19da525276aefa5f5f1b76a81dcc482c58d00a58b84ef18 Loading...

	1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8	Function	141 B	2023-04-14	2025-07-20
Pretty URL 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 14:41 Last Seen2025-07-20 11:33 Times Seen534 Hash 0ae64cce4f24529caa56156b159bdade 3f1c5a480a93a0bfdc86eb0d7769ea098682b7a5 99cb12f023e5c6752e9a7e0132343acf246a432e31d1e7326a3fad10704711a5 Loading...

HTTP Transactions (31)

URL IP Response Size

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/sprites/reg-form.svg

188.114.96.1

200 OK

2.9 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/sprites/reg-form.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2943 bytes)
Hash
751e56e203fd5787e857d92edcb310ad
86ba39c5861783e316208ecb7299c868f8e5357b
f9fb8e87cb3e2ee986054af74e9229a5861dab1b2a22ad1a48460868259524d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/sprites/reg-form.svg HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/svg+xml
content-length: 1327
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-b7f"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=EOjn1rJ9nUGc32egkvOFgolOt3QudtDBGHm9SK6j0oEtV4qaEJYRuZVmQS31f5jV4fqVACZ7Z59VK2POPIezefkXJjMXTmDV"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187cd3656ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/Inter-Medium.woff2

188.114.96.1

200 OK

110 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/Inter-Medium.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 109604, version 3.1245
Size
110 kB (109604 bytes)
Hash
f0740bda9ae5dd83cea8bca8a7c1a7d3
ec499f99bf1f43ed5e22857531ca491a6477eae0
86952cdde19c4cc7ef002ee463b73a26e5b6747510557299b65064d9bf76d8a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/fonts/Inter-Medium.woff2 HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: font/woff2
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qCgl81Xh%2Bv2QL0j1dMYUQw%2Fen8wymdx%2BGPqMbHc%2Fy%2FPJUIy9asBcLnpf1AyRjzQkOUrK4U%2Bn%2Bo6yijc%2F4YlKR7jxdq69T7J4"}]}
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
etag: W/"682dbdaf-1ac24"
cf-ray: 95eba1881da656ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST 1wfzws.life/affiliate:link_visit

186.2.162.102

200 OK

37 B

URL POST
1wfzws.life/affiliate:link_visit
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerLet's Encrypt
Subject1wfzws.life
FingerprintDC:71:99:0E:FB:74:D7:62:A6:B0:04:AC:98:FC:AD:E9:BE:47:C2:B2
ValidityWed, 02 Jul 2025 23:02:56 GMT - Tue, 30 Sep 2025 23:02:55 GMT

File type
JSON text data
Size
37 B (37 bytes)
Hash
ffd908939b60f1154b33016c6d2e9c6b
663ebb986e784df674df5ab579ad90c05517597e
9c3b25f260defd6991608963a30a67cad0981ecce13e5975b1a6304887514d7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /affiliate:link_visit HTTP/1.1
Host: 1wfzws.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 336
Origin: https://1wqzrh.xyz
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=oEsHfXdJpJJ74SBL; Domain=.1wfzws.life; Path=/; Expires=Sun, 13-Jul-2025 21:06:40 GMT
__ddg10_=1752439600; Domain=.1wfzws.life; Path=/; Expires=Sun, 13-Jul-2025 21:06:40 GMT
__ddg9_=91.90.42.154; Domain=.1wfzws.life; Path=/; Expires=Sun, 13-Jul-2025 21:06:40 GMT
__ddg1_=zH6qxSLFaUYKx58zFsQW; Domain=.1wfzws.life; HttpOnly; Path=/; Expires=Mon, 13-Jul-2026 20:46:40 GMT
core-sticky=44fb199e4c5df1da; Path=/; HttpOnly
date: Sun, 13 Jul 2025 20:46:40 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wqzrh.xyz
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
x-powered-by: Express
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

GET 1wqzrh.xyz/afh.js

188.114.96.1

200 OK

46 kB

URL GET
1wqzrh.xyz/afh.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (22301)
Size
46 kB (46493 bytes)
Hash
6994e0898b10afe1375b7ac9ced3cd19
a73b23d0315dd5cb909969015efea6da0b2ab412
8c2883b9824b1fdd8816bd019478e1e32966c6ca669c6a6344f00182076d8eaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /afh.js HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:38 GMT
content-type: application/javascript
content-length: 20078
access-control-allow-origin: *
age: 129914
content-encoding: br
ddg-cache-status: HIT
etag: W/"685d4f60-b59d"
last-modified: Thu, 26 Jun 2025 13:47:12 GMT
server: cloudflare
vary: Accept-Encoding
cf-cache-status: BYPASS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DT7E0%2FEtiH5TFS3zpOiUPR0vGhD84cT2P941w4VmWFe53qogCf33BxPwXhSA8mpPrRDCcXnRq8aBlsIvP2fmMeGfouPXf92G"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
set-cookie: __ddg8_=PevHPsfrmuPcNLB4; Path=/; Domain=1wywg.com; Expires=Sun, 13 Jul 2025 21:06:38 GMT
__ddg10_=1752439598; Path=/; Domain=1wywg.com; Expires=Sun, 13 Jul 2025 21:06:38 GMT
__ddg9_=94.130.10.163; Path=/; Domain=1wywg.com; Expires=Sun, 13 Jul 2025 21:06:38 GMT
__ddg1_=cKjSVKb2hdYCQ3UxDiZE; HttpOnly; Path=/; Domain=1wywg.com; Expires=Mon, 13 Jul 2026 20:46:38 GMT
cf-ray: 95eba17eaded56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/Inter-Regular.woff2

188.114.96.1

200 OK

103 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/Inter-Regular.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 102604, version 3.1245
Size
103 kB (102604 bytes)
Hash
136ccf10feeed1f95c3a0c5e91a24333
7b5b5c831a9f75918d1d6660222cd7aebc0acab1
78302f9c9577ab7c8dd7e26e486b355ac31bbd86dc1103cd654a8eb074f52f22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/fonts/Inter-Regular.woff2 HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:38 GMT
content-type: font/woff2
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4GgegymMxvU1BlEqQNeM%2BtXGxtj0pzUBs4Qp3zAz1sPElWqw4e%2BIdDtqK4n4TIZ1%2FY4WdnHWJGAAA7s%2FMjhlnnUT5lhzm9Al"}]}
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
etag: W/"682dbdaf-190cc"
cf-ray: 95eba180d9b056ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/images/front/front_lg.avif

188.114.96.1

200 OK

2.7 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/images/front/front_lg.avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
ISO Media, AVIF Image
Size
2.7 kB (2713 bytes)
Hash
b6cd9f64e1852aa4e99502f9692f3ebe
79695020a6fa089b21c417196a0f0fc13b580e35
9001a6bcf0e2fde31eead4773e9965d48f1fd704e93b2836d45ae8294dc9f92c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/images/front/front_lg.avif HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/avif
content-length: 2670
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-a99"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RSw9064cZuakPTSGgrWeQov38h%2BMbx%2F6842jrZa%2Ftlhxvfkjmw9ulBajq4CbgYOUx%2BVygf4HKFZWyx3JB2dKMvxJ1Tnastn6"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187ed7256ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/images/queen/queen_xxl.avif

188.114.96.1

200 OK

19 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/images/queen/queen_xxl.avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
ISO Media, AVIF Image
Size
19 kB (18863 bytes)
Hash
a9ef5912d11df2a375f57f2da9fff2ec
445c7655bc4b257bfc41924038a9554191962bd0
35ba35ac24707d5a03a226c1ff6e48f756eae229456239eb43f5f431a226522a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/images/queen/queen_xxl.avif HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/avif
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-49af"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=e%2FrftW6WjjAJQfuPq5DsZdB0%2FCrVgENf%2Fy%2FRsNyGUfYuM1O0bawR6RIGnLM4DhFLV%2Bc43cDsOCVmVAQtJmDiD6tufY7iMksU"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187ed7556ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css

188.114.96.1

200 OK

68 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
68 kB (67962 bytes)
Hash
81594ceec4506bd3047f08d5143ac1d8
7a894dbf088d8324c243b785a389dbc8f3d882bf
2f6819adb3a9b3aa3341bda0fa08e0fac8f28cf4b30aa5c38e3a4e260c42dc40

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:38 GMT
content-type: text/css
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdb0-1097a"
last-modified: Wed, 21 May 2025 11:49:04 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9XGNKR2AGGpNomJLPTsbCQ0iWulJ24jpUMCXyQCQuigZ%2Fjiyos9C5Sa74HHTdluRwrvP8DrHeulztGZ4rR1V%2B3NM395dreo2"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba17ebdf256ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wfzws.life/

186.2.162.102

200 OK

57 kB

URL GET
1wfzws.life/
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerLet's Encrypt
Subject1wfzws.life
FingerprintDC:71:99:0E:FB:74:D7:62:A6:B0:04:AC:98:FC:AD:E9:BE:47:C2:B2
ValidityWed, 02 Jul 2025 23:02:56 GMT - Tue, 30 Sep 2025 23:02:55 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (14917)
Size
57 kB (57333 bytes)
Hash
ac2f7ed80ad48f1b2fd8521019a76d5b
6d51836526d5b6da2e7c972c10f08adfee2fc97c
00472d205ef79bcedcd869f745f9b2708772b31b22a696a174f9b6efd4768643

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 1wfzws.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wqzrh.xyz/
Origin: https://1wqzrh.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=3Y2M7WLmKn9EMb0e; Domain=.1wfzws.life; Path=/; Expires=Sun, 13-Jul-2025 21:06:39 GMT
__ddg10_=1752439599; Domain=.1wfzws.life; Path=/; Expires=Sun, 13-Jul-2025 21:06:39 GMT
__ddg9_=91.90.42.154; Domain=.1wfzws.life; Path=/; Expires=Sun, 13-Jul-2025 21:06:39 GMT
__ddg1_=Ld7pavlryBi0GIxDk3Go; Domain=.1wfzws.life; HttpOnly; Path=/; Expires=Mon, 13-Jul-2026 20:46:39 GMT
device-id=8acb5d72-d3aa-4aa9-9067-8e73229a666f; path=/; expires=Mon, 13 Jul 2026 20:46:39 GMT; secure; httponly
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: text/html; charset=utf-8
vary: Origin
access-control-allow-origin: https://1wqzrh.xyz
access-control-allow-credentials: true
x-trace-id: 3d1d891904c594754d6b76e9421b1017
content-encoding: gzip
X-Firefox-Spdy: h2

POST routerpp.life/api/v1/product-visits

154.197.121.200

201 Created

425 B

URL POST
routerpp.life/api/v1/product-visits
IP
154.197.121.200:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subjectrouterpp.life
FingerprintEF:B8:97:B8:DD:C0:3B:89:87:6E:9C:D7:26:AB:A3:5C:49:FC:EA:2D
ValidityFri, 27 Jun 2025 13:58:33 GMT - Thu, 25 Sep 2025 14:58:29 GMT

File type
JSON text data
Size
425 B (425 bytes)
Hash
f93633212ce94065ce52ce27d8e9b851
89f5728d958780a8cffbde7fe8005a9b477da685
018814aca4598f5383336925afb8bec080b41299473c637013c0311505188cd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/v1/product-visits HTTP/1.1
Host: routerpp.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wqzrh.xyz/
Content-Type: application/json
X-Unique-Key: ae06c0d9120d9c016079d8c1f3a44d2f
Content-Length: 279
Origin: https://1wqzrh.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 201 Created
date: Sun, 13 Jul 2025 20:46:40 GMT
content-type: application/json
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://1wqzrh.xyz
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=yBv50w07coAZ6Y6cy9lp9j0N7NivNKAF1HzEr7DU8tg-1752439600-1.0.1.1-OFFulxirzU8XP7AkRsojjbuA8SyN4C30szm60KmZUBC0alYvpesUjPHtGHVx9W3oLkpq5MalBKGd9Hf7HXPv6yMnslP7sqrJ9OGC3OeMGkU; path=/; expires=Sun, 13-Jul-25 21:16:40 GMT; domain=.routerpp.life; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 95eba18f6c4b6dea-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

OPTIONS routerpp.life/api/v1/product-visits

154.197.121.200

200 OK

0 B

URL OPTIONS
routerpp.life/api/v1/product-visits
IP
154.197.121.200:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subjectrouterpp.life
FingerprintEF:B8:97:B8:DD:C0:3B:89:87:6E:9C:D7:26:AB:A3:5C:49:FC:EA:2D
ValidityFri, 27 Jun 2025 13:58:33 GMT - Thu, 25 Sep 2025 14:58:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /api/v1/product-visits HTTP/1.1
Host: routerpp.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-unique-key
Referer: https://1wqzrh.xyz/
Origin: https://1wqzrh.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Jul 2025 20:46:40 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://1wqzrh.xyz
access-control-allow-methods: POST
access-control-allow-headers: content-type, x-unique-key
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=p1.UBYOHeGAcqzlcdN4YV3cTfSwWz3EPc6tuZj7pzTY-1752439600-1.0.1.1-wT7NHsIwDaV47U5geiAwSFfLy5qpEvCeOjpAnZheE4s7GRwj5EvV1E7gBcy8U8vop5_czNOR4pjGs0P28zYayMXomeW6k5eCX3p6CDVLPmw; path=/; expires=Sun, 13-Jul-25 21:16:40 GMT; domain=.routerpp.life; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 95eba18e8b346dea-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET wss://1wqzrh.xyz/v4/socket.io/?Language=en&xorigin=1wqzrh.xyz&EIO=4&transport=websocket

188.114.96.1

101 Switching Protocols

0 B

URL GET
wss://1wqzrh.xyz/v4/socket.io/?Language=en&xorigin=1wqzrh.xyz&EIO=4&transport=websocket
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wqzrh.xyz&EIO=4&transport=websocket HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wqzrh.xyz
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oF3CKyxgzCbFCd7MIHfjVw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Sun, 13 Jul 2025 20:46:38 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: A26/THxHMxdzwtrDes9h4wrTwQM=
Set-Cookie: core-sticky=66e637c4725f3576; Path=/; HttpOnly
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HcXECWry8P%2FD4n4OQVwIODf1kPi0va4Mnke9XqE0cBQT4mPuIFHABSPa%2BqbW1vH3gNTRMtezOOfzRjDWHScxpurM4js1DRfXEEzgdfnEPs2qhPPtOwtcGVBjbrbg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 95eba1810fb8b4ee-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=460&min_rtt=434&rtt_var=132&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3106&recv_bytes=1218&delivery_rate=8305927&cwnd=252&unsent_bytes=0&cid=09fe3a34204e7bdc&ts=226&x=0"

POST 1wqzrh.xyz/api/domains/findMany

188.114.96.1

200 OK

43 B

URL POST
1wqzrh.xyz/api/domains/findMany
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
JSON text data
Size
43 B (43 bytes)
Hash
4d6134e35b202e86e4096cbb44c3c5ac
e05f5b375626d2270e5973f764da3d68f2ca1f8f
884e04bb992c7a9e719ed457290475154b28ea243e845f3177440a6a8ed2be71

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/domains/findMany HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Content-Type: application/json
Content-Length: 63
Origin: https://1wqzrh.xyz
DNT: 1
Connection: keep-alive
Cookie: core-sticky=66e637c4725f3576
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:38 GMT
content-type: application/json; charset=utf-8
content-length: 63
access-control-allow-origin: *
content-encoding: gzip
server: cloudflare
vary: Origin, Accept-Encoding
x-app-version: v1.101.3
x-selected-tenant-id: 1
x-trace-id: c86b6041211d3a5a14b38dfba94ee539
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2FwybcxR1RxD271Uex2X4DK4P8kHfA3SH4SowVd9Xeo2iGZHYslfooulD1yVex9rZuG7PgUdXgTsxT2ug8F2dug3JOAkKYeel"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
set-cookie: __ddg8_=MihjQRFhVboD97ck; Path=/; Domain=1wqzrh.xyz; Expires=Sun, 13 Jul 2025 21:06:38 GMT
__ddg10_=1752439598; Path=/; Domain=1wqzrh.xyz; Expires=Sun, 13 Jul 2025 21:06:38 GMT
__ddg9_=94.130.10.163; Path=/; Domain=1wqzrh.xyz; Expires=Sun, 13 Jul 2025 21:06:38 GMT
__ddg1_=KL0QsUpVVnRxLecd77Rp; HttpOnly; Path=/; Domain=1wqzrh.xyz; Expires=Mon, 13 Jul 2026 20:46:38 GMT
cf-ray: 95eba183be4f56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/images/chillies/chillies_xxl.avif

188.114.96.1

200 OK

31 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/images/chillies/chillies_xxl.avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
ISO Media, AVIF Image
Size
31 kB (31336 bytes)
Hash
ea220805aea1f8a324bc505af490d41a
75375d7c2bd5c4bc837edd87d30e75897f49e8b9
e1906ee26047f2e905369697621aee6e6951038dc149e48f81aa9519f85bf3d8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/images/chillies/chillies_xxl.avif HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/avif
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-7a68"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=8XrgNXCjJzFB7Mo74cOc0qO7TLZKl2nCatTL9moFubW3IxtZQMw%2F8oIe%2FnWeox4MFKnxlGzu86DtpklnVaZI17eDjeEoxzP1"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187fd7c56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/Inter-Regular.woff2

188.114.96.1

200 OK

103 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/Inter-Regular.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 102604, version 3.1245
Size
103 kB (102604 bytes)
Hash
136ccf10feeed1f95c3a0c5e91a24333
7b5b5c831a9f75918d1d6660222cd7aebc0acab1
78302f9c9577ab7c8dd7e26e486b355ac31bbd86dc1103cd654a8eb074f52f22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/fonts/Inter-Regular.woff2 HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:40 GMT
content-type: font/woff2
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Gu5UplxxPmziHF7UAVrl3p1PgLIDV6GMyr%2FO7BhXuewZemGla4eDc6YUSI5LpqpVOyCoTc3yldYIdi2%2BdAfyUdbbMICUwy21"}]}
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
age: 1
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
etag: W/"682dbdaf-190cc"
cf-ray: 95eba18d5e2a56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/HalvarBreit-Blk.woff2

188.114.96.1

200 OK

48 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/HalvarBreit-Blk.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48384, version 1.0
Size
48 kB (48384 bytes)
Hash
0f8b1a33555dcc20b0e85451b81b07a2
a81e6b9041af74bf0c9fcb4e3dc5c942830d1c46
e2337049ffd8b804e066edbbbd2e71aa82e8998ee97d6000b46d7a140879881a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/fonts/HalvarBreit-Blk.woff2 HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:40 GMT
content-type: font/woff2
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ioUBg%2FeDJUEZ8lutDbz7vR2vbJFwn7SqBtJ%2BM%2BPaDAJZ%2F9suuhHGpDC70vn10c7YGA%2FABPo9z%2BY7mCi%2F2ZxKUM3MiUEAiRCl"}]}
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
age: 0
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
etag: W/"682dbdaf-bd00"
cf-ray: 95eba18d5e1c56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

OPTIONS 1wfzws.life/affiliate:link_visit

186.2.162.102

200 OK

2 B

URL OPTIONS
1wfzws.life/affiliate:link_visit
IP
186.2.162.102:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerLet's Encrypt
Subject1wfzws.life
FingerprintDC:71:99:0E:FB:74:D7:62:A6:B0:04:AC:98:FC:AD:E9:BE:47:C2:B2
ValidityWed, 02 Jul 2025 23:02:56 GMT - Tue, 30 Sep 2025 23:02:55 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /affiliate:link_visit HTTP/1.1
Host: 1wfzws.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wqzrh.xyz/
Origin: https://1wqzrh.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=XqxCih6s7cuZlWTY; Domain=.1wfzws.life; Path=/; Expires=Sun, 13-Jul-2025 21:06:40 GMT
__ddg10_=1752439600; Domain=.1wfzws.life; Path=/; Expires=Sun, 13-Jul-2025 21:06:40 GMT
__ddg9_=91.90.42.154; Domain=.1wfzws.life; Path=/; Expires=Sun, 13-Jul-2025 21:06:40 GMT
__ddg1_=dkIff5IfYeX8KKyF2dBU; Domain=.1wfzws.life; HttpOnly; Path=/; Expires=Mon, 13-Jul-2026 20:46:40 GMT
core-sticky=44fb199e4c5df1da; Path=/; HttpOnly
date: Sun, 13 Jul 2025 20:46:40 GMT
content-type: text/plain; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wqzrh.xyz
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by: Express
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-JdHTgj18.js

188.114.96.1

200 OK

317 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-JdHTgj18.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
JavaScript source, ASCII text, with very long lines (40193)
Size
317 kB (317173 bytes)
Hash
ff04973b717b23cf4397f36a6a08f2b6
44f9f0d6578d482d2f2cf493527fedae2c39bcf9
20a2e5f39559d2c563ab76771c1fb9e7cdeebcf002abb8ced69fb35ad3853f0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/assets/index-JdHTgj18.js HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:38 GMT
content-type: application/javascript
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdb0-4d6f5"
last-modified: Wed, 21 May 2025 11:49:04 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DNrGfy9nKlpme7Wp6iuJXVXe9a96fKbvTJkSQFVzF2rRFfXbwrL3A9mU98Zcw6QKfdHaFYkL8JlUSj8KVIc9dTnsBuju97dx"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba17ebdef56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/favicons/favicon.svg

188.114.96.1

200 OK

18 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/favicons/favicon.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
SVG Scalable Vector Graphics image
Size
18 kB (17995 bytes)
Hash
f3ad7a2c2fdfef79dc0859adeb7ef8fc
a7767b1934daf01f6c02508adf85c474c5b70660
7e8052a92378f4c9ef548b0ea98bce89a6d832389e37c758423897ef8be14e48

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/favicons/favicon.svg HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:38 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-464b"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=6,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FhyNZXRLwHxKw4qos0wI%2FGn7yKY9rvP0TUZGn6DsZSe3t4zAWLXIjc5lBKXl5uWsIBwnvNE%2BC69R67Q3EggEdbsqmBWOmff0"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba1824c3c56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/favicons/apple-touch-icon.png

188.114.96.1

200 OK

9.3 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/favicons/apple-touch-icon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
9.3 kB (9307 bytes)
Hash
9e97fa2de993c65017ad5b45d71d2198
3389c0ab4d0ede2c9bb9e3fbec8d7a33d3ced7dc
30729d49b4b87f1871190104d14496dca89206d55cb034a41bd14bfc86e19758

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/favicons/apple-touch-icon.png HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:38 GMT
content-type: image/png
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-245b"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=6,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=yQi3NYAk513kU4XTYa9g1zSlQ%2BEbjZimcwwODWTuzbILxTgsYTS4QGg7T8d4TUeAoTdqDyxOoxH6SEsnl4UKeEIzP%2BBOeBRe"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba1824c3856ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/sprites/flags.svg

188.114.96.1

200 OK

197 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/sprites/flags.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
SVG Scalable Vector Graphics image
Size
197 kB (197213 bytes)
Hash
7935d456e13282d11286237ed59a1475
a3d74e60e1f2cb4d92914b01a5237066f2364452
8c43fda94a9658545e23eb110a97ece54bbb7ed13cc5cd7edf99b97175f0b42e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/sprites/flags.svg HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-3025d"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=acX9hBPSQzoSnoa0LjThe0gdBn%2BJqCdQMx9mqaPwwe5R%2F19lqTgaUmjCDDgMK9scQTuSI9UyYrOYPySm7UUx4TULXmBoNBxX"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187cd3256ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/images/decor/decor_lg.avif

188.114.96.1

200 OK

2.2 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/images/decor/decor_lg.avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
ISO Media, AVIF Image
Size
2.2 kB (2182 bytes)
Hash
d1e6ed199be9f884c27f5f7de264fa16
38ad4573301a44c21e335c87e77468790c4819aa
9aa5a2bf742fe2c6ae671b60b4adccfeab6c319ceb8147c9347fac73b6be170f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/images/decor/decor_lg.avif HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/avif
content-length: 2126
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-886"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=x%2FBhklkrTmlB%2Fm9urwyPYlWNNWDHn2Yz4d95lh5QIefF33uSPKkNXgjOvkN0j6D0esHW0rfU60yIy1HK%2FGh3Mm51FF2Y8sdu"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187ed7456ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8

188.114.96.1

200 OK

1.5 kB

URL User Request GET
1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
1.5 kB (1477 bytes)
Hash
c50c6c3367d84ba5b223f0a1cd26ca6b
390cd57cebc76dc7f47ef3c80dbcbca2d10b0c44
aff4dee9c5849a814e2dcd0b2f782c743bcd212af5e24d9adcd83e6396acd337

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8 HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Jul 2025 20:46:37 GMT
content-type: text/html
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qdHYLThFonl1vsOqvIGitTVm8I%2F9E5R1Ph70KYj1SGxy4oa9s005nt4G8YdV7FzeNTIHfjy7DTIrzXGp2Eb02MSG1ToqXkqS"}]}
last-modified: Wed, 21 May 2025 11:49:04 GMT
server: cloudflare
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 95eba17c48c1712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

POST 1wqzrh.xyz/api/domains/findMany

188.114.96.1

200 OK

412 B

URL POST
1wqzrh.xyz/api/domains/findMany
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
JSON text data
Size
412 B (412 bytes)
Hash
e8249f3acf4faa0df7a991504b05f67e
2d76f2b1e897ec73c0c17af78133b5d2555a6059
e44b6cbb2dfeff4b39b9d0ef518fd4d67ce60b0728ef944e417ce9a03eb5b326

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/domains/findMany HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Content-Type: application/json
Content-Length: 61
Origin: https://1wqzrh.xyz
DNT: 1
Connection: keep-alive
Cookie: core-sticky=66e637c4725f3576; __ddg8_=MihjQRFhVboD97ck; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: application/json; charset=utf-8
content-length: 189
access-control-allow-origin: *
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding, Origin
x-app-version: v1.101.3
x-selected-tenant-id: 1
x-trace-id: 55c1091cc492c5b6313d6b40599d4158
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Pqfzm6PVAgpq6V4ax%2BA6jZZMMESNl4Cd9ZLsZ6D%2Fprt8%2FxtogMEPTWZZyO5Yuc6dQX5t3TmeomI%2FNJoTMB%2B%2BNEuDY27622oE"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
set-cookie: __ddg8_=hgdhnlK2M7xRR8Wq; Path=/; Domain=1wqzrh.xyz; Expires=Sun, 13 Jul 2025 21:06:38 GMT
__ddg10_=1752439598; Path=/; Domain=1wqzrh.xyz; Expires=Sun, 13 Jul 2025 21:06:38 GMT
__ddg9_=94.130.10.163; Path=/; Domain=1wqzrh.xyz; Expires=Sun, 13 Jul 2025 21:06:38 GMT
cf-ray: 95eba18538f356ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/HalvarBreit-Blk.woff2

188.114.96.1

200 OK

48 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/HalvarBreit-Blk.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48384, version 1.0
Size
48 kB (48384 bytes)
Hash
0f8b1a33555dcc20b0e85451b81b07a2
a81e6b9041af74bf0c9fcb4e3dc5c942830d1c46
e2337049ffd8b804e066edbbbd2e71aa82e8998ee97d6000b46d7a140879881a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/fonts/HalvarBreit-Blk.woff2 HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: font/woff2
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6yJBGLmciOccVo0fZMPuJbNs90AUMSHfzCJ6jqeRd6sAJ2dxUyleBtRzwscTTTpY1LeSgfmw0KIxgv85NoAf1cPp8Vx6fehu"}]}
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
etag: W/"682dbdaf-bd00"
cf-ray: 95eba187fd8b56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/images/slot_machina/slot_machina_lg.avif

188.114.96.1

200 OK

31 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/images/slot_machina/slot_machina_lg.avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
ISO Media, AVIF Image
Size
31 kB (30651 bytes)
Hash
e27335f244234780202ad8a76c295b51
058ed8c4ebf48ef12e23a471ac53de7efb2ca4cd
7db97334fbd0ed61dd82a529f558c1954c782b583129ec833b2071dc358faec0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/images/slot_machina/slot_machina_lg.avif HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/avif
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-77bb"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lU1odD3vF%2Bk47GpbnPYeMUnn2vS63537cVnTvqLR8WF15xT%2BlYn34hTgY5JXf4f%2F%2BPgghldJAHLZHZEY6PA7HUHO8SWvDtOq"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187ed6f56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/images/logo.svg

188.114.96.1

200 OK

8.2 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/images/logo.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
SVG Scalable Vector Graphics image
Size
8.2 kB (8156 bytes)
Hash
a17782a75fd3895ae2f9480670ffddfb
2186df7b9827922678264c90a1493823647419da
eb26d9dfb450500e2219734f81f40fe6a8dd2de357c092ef0db26781d012dc05

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/images/logo.svg HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:38 GMT
content-type: image/svg+xml
content-length: 2742
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-1fdc"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Mfn2s3nxubnIGtP%2FZ07tuaqKmHu%2FCMnpx1jm6j%2BUQgD%2Fv%2BQLrmxAMOkz%2FWJlkvYheRPpB29VH70OTgOO7iIntYjrrq827i7c"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba180c9a256ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/images/bg/bg_lg.avif

188.114.96.1

200 OK

2.7 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/images/bg/bg_lg.avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
ISO Media, AVIF Image
Size
2.7 kB (2711 bytes)
Hash
56dcb39f5ad9da4e7a521f4318b76586
1ccd96ed69b8be18f8462335964723e60b8c8e93
c2e8e502e34bd6430b16a2e3b603696840467f0a3cf311339210afac8e4b1f60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/images/bg/bg_lg.avif HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/avif
content-length: 2661
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-a97"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7bixA63YYHbBvYQ5Taf2b%2BxHScogQf%2B4%2Bk0kv6wcGQQHlwoPUbGKtDqgnnpS0ZeGc5x4juJMPisTiNUcjNKmLu%2FkaGNCpZXG"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187dd5d56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/images/card/card_lg.avif

188.114.96.1

200 OK

5.1 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/images/card/card_lg.avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
ISO Media, AVIF Image
Size
5.1 kB (5124 bytes)
Hash
e5bb86af1563cf0c89a67a7d64b6b307
98e8ee5b04b24e7241630cdf3648e4bcac0b7502
df9e1e1be715d21a053d84f718001087922960c9993b5b7da0c313ff5d9a669f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/images/card/card_lg.avif HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/avif
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-1404"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=goQYVCm8%2BaJ1T7Dr66q%2BEtbEC%2BaqI3JJUU1YOlCH7JNvb0cBTjzN763lpEaz9y5CiBJlXaHHWu%2BeoZiVGj0lBJrHDYpK3H16"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187fd8656ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/Inter-Medium.woff2

188.114.96.1

200 OK

110 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/fonts/Inter-Medium.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 109604, version 3.1245
Size
110 kB (109604 bytes)
Hash
f0740bda9ae5dd83cea8bca8a7c1a7d3
ec499f99bf1f43ed5e22857531ca491a6477eae0
86952cdde19c4cc7ef002ee463b73a26e5b6747510557299b65064d9bf76d8a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/fonts/Inter-Medium.woff2 HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:40 GMT
content-type: font/woff2
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WoTBfUCn0Wb7IsEoWpiYJlDYiDs4imtTDzYRmv5JqOl1eJQ%2FUSYqzyVLXJw%2FHK%2B97HoJ%2BVV6O1hccY3Ud6OuSL23ccUIk3R%2F"}]}
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
age: 0
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
etag: W/"682dbdaf-1ac24"
cf-ray: 95eba18d5e3056ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET 1wqzrh.xyz/v3/2752/external-marketing-india-game/images/badge/badge_xxl.avif

188.114.96.1

200 OK

2.0 kB

URL GET
1wqzrh.xyz/v3/2752/external-marketing-india-game/images/badge/badge_xxl.avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wqzrh.xyz/v3/2752/external-marketing-india-game?lang=en&subid={sub1}&payout={amount}&sub2=ubdx&p=l44h&sub1=1ush861ippjg8
Certificate
IssuerGoogle Trust Services
Subject1wqzrh.xyz
Fingerprint77:08:82:51:25:E6:E5:62:67:31:2D:04:F4:0A:B0:5F:8E:E1:FD:FD
ValiditySat, 14 Jun 2025 11:30:45 GMT - Fri, 12 Sep 2025 12:26:57 GMT

File type
ISO Media, AVIF Image
Size
2.0 kB (1952 bytes)
Hash
5782e848282d31132c08a28fb518fe9c
4baa5248987b41e4875b693e8e75fd760aa3c8bb
b2db27422cb318c051e15f0eb44beeb7b8d8c88370e06004a9f329b1695073a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/2752/external-marketing-india-game/images/badge/badge_xxl.avif HTTP/1.1
Host: 1wqzrh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wqzrh.xyz/v3/2752/external-marketing-india-game/assets/index-HmW-4YV3.css
Cookie: core-sticky=66e637c4725f3576; __ddg8_=hgdhnlK2M7xRR8Wq; __ddg10_=1752439598; __ddg9_=94.130.10.163; __ddg1_=KL0QsUpVVnRxLecd77Rp; partner_key=l44h; visit_domain=1wqzrh.xyz; sub_ids=sub2=ubdx&sub1=1ush861ippjg8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 13 Jul 2025 20:46:39 GMT
content-type: image/avif
content-length: 1906
accept-ranges: bytes
content-encoding: gzip
etag: "682dbdaf-7a0"
last-modified: Wed, 21 May 2025 11:49:03 GMT
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=vZgkMeNZgCn9lg8696foAJeuK1e%2BYr3UaloF0ToIphnokipALdE2M2LD8XTbmfUOvNf8Zrydvj5ljZrmgElGfsY%2BzFTDXKNY"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95eba187fd8156ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML