login.win-win.global Open in urlscan Pro
2606:4700:20::ac43:4a09 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://login.win-win.global/
Submission: On September 09 via automatic, source certstream-suspicious (September 9th 2024, 7:35:37 am UTC) — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 2606:4700:20::ac43:4a09, located in United States and belongs to CLOUDFLARENET, US. The main domain is login.win-win.global.
TLS certificate: Issued by WE1 on September 3rd 2024. Valid for: 3 months.

This is the only time login.win-win.global was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	2606:4700:20:... 2606:4700:20::ac43:4a09	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
3	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
1	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
14	5

9 2606:4700:20::ac43:4a09 (United States)

ASN13335 (CLOUDFLARENET, US)

login.win-win.global	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
oauth.telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	win-win.global login.win-win.global	3 MB
3	telegram.org telegram.org — Cisco Umbrella Rank: 6669 oauth.telegram.org — Cisco Umbrella Rank: 155007	12 KB
1	gstatic.com fonts.gstatic.com	45 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	1 KB
14	4

	Domain	Requested by
9	login.win-win.global	login.win-win.global
2	telegram.org	login.win-win.global
1	oauth.telegram.org	telegram.org
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	login.win-win.global
14	5

This site contains no links.

Subject Issuer	Validity	Valid
win-win.global WE1	`2024-09-03` - `2024-12-02`	3 months	crt.sh
upload.video.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2024-08-10` - `2025-09-11`	a year	crt.sh
*.gstatic.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://login.win-win.global/
Frame ID: 5F81E88E45D4BA0FE402D73FAB6F6026
Requests: 14 HTTP requests in this frame

Frame: https://oauth.telegram.org/embed/ww_global_bot?origin=https%3A%2F%2Flogin.win-win.global&return_to=https%3A%2F%2Flogin.win-win.global%2Flogin&size=large&request_access=write
Frame ID: 88E8B117848C2633E132282F6D08921D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Auth

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

3060 kB
Transfer

4136 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
login.win-win.global/ 732 B
891 B 273ms
172ms Document
text/html 2606:4700:20::ac43:4a09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.win-win.global/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e87dc709ec3a85487eaa4b79bd79cdb44d1eb058646adc81a7d11a484c5b5e26

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c058083cfbb3a7c-FRA
content-encoding: br
content-type: text/html
date: Mon, 09 Sep 2024 07:35:31 GMT
last-modified: Sun, 08 Sep 2024 21:41:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2xAg3QVnvzGJrXXNjmsjskWlPo52xat%2FTWvhJHxO%2F2HdhpC0QucXd7vNHZonvJwDYmN9ZqR1LYoIDgS1NELU7hDS4R9NQYyrpKoyN2%2BgINCY26%2BO%2BKCtm%2FbMrx3joRrS%2B0XhV9uEy%2FqWc2hmNd5whYhv"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15768000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 149ms
63ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter+Tight:wght@100..900&display=swap

Requested by

Host: login.win-win.global
URL: https://login.win-win.global/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

484233f510291a1dbf43630047707b2fa9a8be338ccb3b2d2f4045fbc6fc4e43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://login.win-win.global/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 09 Sep 2024 07:35:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 09 Sep 2024 07:35:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Sep 2024 07:35:31 GMT

GET
H2 200 index-C6ZC9JWb.js Show response
login.win-win.global/assets/ 766 KB
242 KB 127ms
126ms Script
application/javascript 2606:4700:20::ac43:4a09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.win-win.global/assets/index-C6ZC9JWb.js

Requested by

Host: login.win-win.global
URL: https://login.win-win.global/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e6994af1e7b51982069cdf8ee1a194f709a68913ad514e9d32919e994473476

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.win-win.global/
Origin: https://login.win-win.global
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 08 Sep 2024 21:59:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: gzip
etag: W/"66de1e25-bf871"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=imjcNpbEE4wgrM1fsTuwZ0uXUON%2F94%2BS4eHQrUD0ZYzhMUya0XwF5e8S7Q4pAGAnvNrcCvniF0rb9iTLt3%2BTUEAg3nloREypXCc1nckGaJG%2BIsimInUG4de0x7iLB4lsk%2BkPjtQvDJDJqFp9ehXgUkEn"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c058084e91e3a7c-FRA
x-xss-protection: 1; mode=block

GET
H2 200 telegram-widget.js Show response
telegram.org/js/ 20 KB
6 KB 154ms
43ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/telegram-widget.js?7

Requested by

Host: login.win-win.global
URL: https://login.win-win.global/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

0f6cdd09b3bbebf50c4e1679aff6f021f5e183a4ba2dea3a0801394599ff6afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://login.win-win.global/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 03 Apr 2023 11:46:12 GMT
server: nginx/1.18.0
etag: W/"642abc84-4ff5"
content-type: application/javascript
cache-control: max-age=345600
expires: Fri, 13 Sep 2024 07:35:31 GMT

GET
H2 200 translation.json Show response
login.win-win.global/locales/en/ 2 KB
1 KB 86ms
86ms Fetch
application/json 2606:4700:20::ac43:4a09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.win-win.global/locales/en/translation.json

Requested by

Host: login.win-win.global
URL: https://login.win-win.global/assets/index-C6ZC9JWb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24d3174a0c0ed9a81d150b31af40e6956c18f0b878480c30a5b133c685ef774f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.win-win.global/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 08 Sep 2024 19:39:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: gzip
etag: W/"66ddfd8b-92c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/json
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2B25I8hhkP565kNnYCX%2FvCtJjW7AaT9Os8GGsbaJ0gvrHP%2B5qF52n%2FknleVbsCoP7pMhJLGXMN5y2CMqN3jEZbUqYLEm8ovr3X3SmOu73SUwrrmsNozx9lrb4xvEjggJcVe4bP6ee9HQzgRJdR8Rtbd5"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c058086dc413a7c-FRA
x-xss-protection: 1; mode=block

GET
H2 200 auth-background-CmvOFBr8.png
login.win-win.global/assets/ 746 KB
747 KB 123ms
122ms Image
image/png 2606:4700:20::ac43:4a09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.win-win.global/assets/auth-background-CmvOFBr8.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6bfeb227e3d09de59687712bbbd6eae305ab9f690d9267c32bf3442202911c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.win-win.global/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 08 Sep 2024 19:39:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "66ddfd8b-ba84a"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HYy%2Bf4Cw3tk6uVFk2RnlMseKLrJaLsKj%2B7w1NMJUMErY%2FDNgW2iS8K8JG%2Bg68Qkfzwq9koqKw7W2u3KhyXzwV%2BGDUemz042Zdmhq%2Fk3tr9fDDzrq%2BZVPYyHd5L7JdVa0uQnBQqUfCs0vOUOWgy4MB0bD"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 8c058086fc773a7c-FRA
content-length: 763978
x-xss-protection: 1; mode=block

GET
H2 200 favicon-DDh3bmvH.ico
login.win-win.global/assets/ 264 KB
2 KB 83ms
83ms Other
image/x-icon 2606:4700:20::ac43:4a09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.win-win.global/assets/favicon-DDh3bmvH.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ec67c1d0d414490c3d6cb369efe47cd87ecf904da091d0736fb8a3c54c0f768

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.win-win.global/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 08 Sep 2024 19:39:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"66ddfd8b-4203e"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCPS9oZLP4mqOuajHH93gU4At%2FK790SZh3zhxr2KXl5qaAq23yPPlUcNjsa58esx%2FC9%2BISYPzzO4oxBkXMsh51WIudigNYlZ%2BcW9u1EQFi3XL29%2BeG5eFfn%2BMIlDcVeQl3cjo3TZ%2FOXmx%2BgNtrEZ4Jne"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cf-ray: 8c058086fc743a7c-FRA
x-xss-protection: 1; mode=block

GET
H2 200 favicon-DDh3bmvH.ico
login.win-win.global/assets/ 264 KB
0 83ms
83ms Other
image/x-icon 2606:4700:20::ac43:4a09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.win-win.global/assets/favicon-DDh3bmvH.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ec67c1d0d414490c3d6cb369efe47cd87ecf904da091d0736fb8a3c54c0f768

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.win-win.global/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 08 Sep 2024 19:39:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66ddfd8b-4203e"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCPS9oZLP4mqOuajHH93gU4At%2FK790SZh3zhxr2KXl5qaAq23yPPlUcNjsa58esx%2FC9%2BISYPzzO4oxBkXMsh51WIudigNYlZ%2BcW9u1EQFi3XL29%2BeG5eFfn%2BMIlDcVeQl3cjo3TZ%2FOXmx%2BgNtrEZ4Jne"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cf-ray: 8c058086fc743a7c-FRA
x-xss-protection: 1; mode=block

GET
H2 200 logo--HrIuTH0.png
login.win-win.global/assets/ 39 KB
39 KB 86ms
85ms Image
image/png 2606:4700:20::ac43:4a09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.win-win.global/assets/logo--HrIuTH0.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

250c4d09a5376ac1758c2b9b0af14a9313becf44db2a9b533c0e09493641246c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.win-win.global/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 08 Sep 2024 19:39:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "66ddfd8b-9ba8"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1D6RlI86%2F0xLFlm7%2FO%2F81M6QV0tzus5Ce7TzwZ6OUyBTyjnppi3vfFbtyu4%2BujdrTjINDL9kYI89mAU%2FA0Nd0lSlJBAqO5n0KGnoH4TB9QN1A7cNswoEYt9K4SPNZS05R4BagttxqrzC%2BxCsyEPDzEg2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 8c0580878d4e3a7c-FRA
content-length: 39848
x-xss-protection: 1; mode=block

GET
H2 200 boy-DqrE7LFj.png
login.win-win.global/assets/ 1 MB
1 MB 90ms
90ms Image
image/png 2606:4700:20::ac43:4a09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.win-win.global/assets/boy-DqrE7LFj.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8839a5e85378d79440e6315c9dcb720cb5183bf96edd702e1ec91d917f87fbfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.win-win.global/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 08 Sep 2024 19:39:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "66ddfd8b-17be4a"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PAhw9PbSy9ejTZmkETT%2FVuoj29HoaItM6vGHA3pVKcYGNAVMfb33uMFqd0iS3s7aDFUC1IRETub8uIJHPTvIl2i9ghGE0JE%2FdUyueJvV0L%2Bb4MMeUJG49pOaIPV9UNPrl0LC1NewBRvFU%2FpmK67%2BlGEZ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 8c0580878d4f3a7c-FRA
content-length: 1556042
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 607 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fdf9587f35f10603669f06b216e90691de4c17a25a8758ffb2c9fa2e9d5017c6

Request headers

Referer
Origin: https://login.win-win.global
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 auth-modal-background-BTiY2LzZ.png
login.win-win.global/assets/ 447 KB
448 KB 208ms
208ms Image
image/png 2606:4700:20::ac43:4a09
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.win-win.global/assets/auth-modal-background-BTiY2LzZ.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a09 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7967295d84155c49a6fe904e07c04f93107be68684de90a5aeb7ad027f6c2e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://login.win-win.global/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sun, 08 Sep 2024 19:39:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "66ddfd8b-6fb7a"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BC0kobawFDR%2Fs%2FYNuko%2FQZOPFLvUHwX3RuZrVvrsVBwvD0tuXM9kIYSZMHkocaG%2BIBc7eJALKkeqc%2Bmbnbd4YES4Y6ag2FOetyiQ5wgJGNTW6SbJHUaXzGA1aI3rxs%2Br7003JKtgZzGQo2uyy%2Bj9SNY7"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 8c0580879d513a7c-FRA
content-length: 457594
x-xss-protection: 1; mode=block

GET
H2 200 NGSwv5HMAFg6IuGlBNMjxLsH8ag.woff2
fonts.gstatic.com/s/intertight/v7/ 44 KB
45 KB 127ms
41ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/intertight/v7/NGSwv5HMAFg6IuGlBNMjxLsH8ag.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter+Tight:wght@100..900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca34455f82a5c81d8111c6a641771c011e95767e64efc8a52f82299896028c57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://login.win-win.global
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 07 Sep 2024 16:11:05 GMT
x-content-type-options: nosniff
age: 141866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45072
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:57:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Sep 2025 16:11:05 GMT

GET
H2 200 telegram-widget.js Show response
telegram.org/js/ 20 KB
6 KB 50ms
50ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/telegram-widget.js?22

Requested by

Host: login.win-win.global
URL: https://login.win-win.global/assets/index-C6ZC9JWb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

0f6cdd09b3bbebf50c4e1679aff6f021f5e183a4ba2dea3a0801394599ff6afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://login.win-win.global/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 07:35:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 03 Apr 2023 11:46:12 GMT
server: nginx/1.18.0
etag: W/"642abc84-4ff5"
content-type: application/javascript
cache-control: max-age=345600
expires: Fri, 13 Sep 2024 07:35:31 GMT

GET
H2 200 ww_global_bot
oauth.telegram.org/embed/ Frame 88E8 0
0 166ms
49ms Document
text/html 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://oauth.telegram.org/embed/ww_global_bot?origin=https%3A%2F%2Flogin.win-win.global&return_to=https%3A%2F%2Flogin.win-win.global%2Flogin&size=large&request_access=write

Requested by

Host: telegram.org
URL: https://telegram.org/js/telegram-widget.js?22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://login.win-win.global
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	ALLOW-FROM https://login.win-win.global

Request headers

Referer: https://login.win-win.global/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: no-store
content-encoding: gzip
content-length: 714
content-security-policy: frame-ancestors https://login.win-win.global
content-type: text/html; charset=utf-8
date: Mon, 09 Sep 2024 07:35:31 GMT
pragma: no-cache
server: nginx/1.18.0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: ALLOW-FROM https://login.win-win.global

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			login.win-win.global/	1969-12-31 23:59:59	Name: i18next Value: en
			oauth.telegram.org/	1970-01-21 08:11:16	Name: stel_ssid Value: 50bd4a7180e189f0a9_12543309239546580381

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://login.win-win.global/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
login.win-win.global
oauth.telegram.org
telegram.org
2001:67c:4e8:f004::9
2606:4700:20::ac43:4a09
2a00:1450:4001:81c::2003
2a00:1450:4001:828::200a
0f6cdd09b3bbebf50c4e1679aff6f021f5e183a4ba2dea3a0801394599ff6afd
24d3174a0c0ed9a81d150b31af40e6956c18f0b878480c30a5b133c685ef774f
250c4d09a5376ac1758c2b9b0af14a9313becf44db2a9b533c0e09493641246c
484233f510291a1dbf43630047707b2fa9a8be338ccb3b2d2f4045fbc6fc4e43
4ec67c1d0d414490c3d6cb369efe47cd87ecf904da091d0736fb8a3c54c0f768
8839a5e85378d79440e6315c9dcb720cb5183bf96edd702e1ec91d917f87fbfd
9e6994af1e7b51982069cdf8ee1a194f709a68913ad514e9d32919e994473476
b7967295d84155c49a6fe904e07c04f93107be68684de90a5aeb7ad027f6c2e8
ca34455f82a5c81d8111c6a641771c011e95767e64efc8a52f82299896028c57
e6bfeb227e3d09de59687712bbbd6eae305ab9f690d9267c32bf3442202911c0
e87dc709ec3a85487eaa4b79bd79cdb44d1eb058646adc81a7d11a484c5b5e26
fdf9587f35f10603669f06b216e90691de4c17a25a8758ffb2c9fa2e9d5017c6

login.win-win.global Open in urlscan Pro 2606:4700:20::ac43:4a09 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

100 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

3060 kBTransfer

4136 kBSize

2 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

login.win-win.global Open in urlscan Pro
2606:4700:20::ac43:4a09 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

3060 kB
Transfer

4136 kB
Size

2
Cookies

14 HTTP transactions
1 data transactions