| 1xlite-461430.top/polyfills.js | 178.253.29.51 | 200 OK | 0 B |
URL GET HTTP/21xlite-461430.top/polyfills.js IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css | 185.244.209.62 | 200 OK | 2.3 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (9958), with no line terminators Hash76a1e3dd8e25bf9a48bdd896de779d20 38c3643e25808d1f3ab167273201eac8c113c088 aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273
GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: text/css
content-length: 2277
last-modified: Fri, 10 May 2024 06:48:56 GMT
etag: "663dc358-8e5"
content-encoding: gzip
expires: Sat, 11 May 2024 11:27:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ba4141d3150bf824820aa63b1946438a-212a9b036a5cc562-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T11:28:13+00:00, 2024-05-10T12:14:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css | 185.244.209.62 | 200 OK | 591 B |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (2490), with no line terminators Hash7375a1956830f97b2481314bf1f0e199 7c30df38c6465e78813dc2aea95eb086bb832630 2acc171311243f36d7410ebd2b41ac7d7c7899c861153198217e7e91d3d9e4cf
GET /_nuxt/desktop/default/css/6ee8a9e4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: text/css
content-length: 591
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-24f"
content-encoding: gzip
expires: Fri, 10 May 2024 09:42:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b0e09e5fcca8b63cfa01c52de6140ec9-20a8d1a22032d32b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T09:42:06+00:00, 2024-05-10T03:25:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Page.Registration-13772f3f.js | 185.244.209.62 | 200 OK | 2.2 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/Page.Registration-13772f3f.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (6350), with no line terminators Hashc0dd1b5bcbd80bd6814765358f7029f8 2022d074e0bbc6542fb874e65199102397803dea a52644cb8fbc4a291ed25cd7ca7f4eefb4bab807b0abf3fa6c2d009e4ce4b209
GET /_nuxt/desktop/default/Page.Registration-13772f3f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 2237
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-8bd"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-389b35dbfcbb6af7b1b95f6b97c94f9c-87e0f1657e61d5dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:33+00:00, 2024-05-10T11:34:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css | 185.244.209.62 | 200 OK | 3.2 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (31339), with no line terminators Hash9e9b190c1ab8126c2576203d5d43ec63 a80ccb6739023605edbd86be13f38a58ff7f4906 c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02
GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: text/css
content-length: 3226
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-c9a"
content-encoding: gzip
expires: Sat, 11 May 2024 09:58:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b7122d70743c43741bd5cf8ece1da6a0-07f59f1880541dc5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T09:58:14+00:00, 2024-05-10T10:44:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js | 185.244.209.62 | 200 OK | 2.5 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (8663), with no line terminators Hash17c159eb9f582ec9da7a4285b37349f0 652f12e3c4cfdad29cff1f06e709f0d18522d8ae 3562960610c72291435591709c1b63b69ad67f4d2462cbf180241330b7486bea
GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 2474
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-9aa"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:41 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cb5b808eb64be376ca787fa148d2408c-3c0f610cf87ee62a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:41+00:00, 2024-05-10T11:03:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css | 185.244.209.62 | 200 OK | 46 B |
URL GET HTTP/2v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hashf506188b04c16eaa9c664ed23f7ce58e 08d068d7fa5a84beb06ba924a35d84d6bfdab30a b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9
GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5fd62d283bce861e6e74a80b0532a2f7-8fdf2058167284e6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-10T16:39:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/runtime-43683768.js | 185.244.209.62 | 200 OK | 15 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/runtime-43683768.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (47215), with no line terminators Hash47a46628292e69d41089a8202744c066 0927d7b03ebe09730cdd2f651f44341037445c4c 387586283d754fb5f88d2e72c10a6e259ea49f9b683530add5d627393859cc7a
GET /_nuxt/desktop/default/runtime-43683768.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 14754
last-modified: Fri, 10 May 2024 12:02:30 GMT
etag: "663e0cd6-39a2"
content-encoding: gzip
expires: Sat, 11 May 2024 12:33:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a374177d5533fc62d4066636bcb45db4-c5f4f44a5bf460f2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T12:33:36+00:00, 2024-05-10T12:34:21+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js | 185.244.209.62 | 200 OK | 47 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65476) Hash414c44a4caf31196b27b1c5c11628879 2536bdd8d54c6f619dc0a200015d9a7b95c08f90 07a1a14bccef15bc4e72f798aa8ae3c18decb59c7ad601832305f8180d3d3b54
GET /_nuxt/desktop/default/commons/app-e695e102.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 46806
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-b6d6"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:23 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f14670d35418324a8848e569f307a422-896ab2f9b902d60e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:23+00:00, 2024-05-10T11:03:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js | 185.244.209.62 | 200 OK | 234 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators Size234 kB (233875 bytes) Hasheb4f34c1bf9c9befda1bf247f5e1df5b 334210525b8a7dad9cf37084c56194190961b67f f6dbc277c6f693b6ce346441312122bcfd288f3c93c550e9922ec3ddc128e28e
GET /_nuxt/desktop/default/app-80fd9d0c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 233875
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-39193"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-016c3032f442acfb0fa3d050ccfd0398-57c2f083b56c4278-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:25+00:00, 2024-05-10T11:03:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css | 185.244.209.62 | 200 OK | 17 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hash97b6f81b90460841531e21dceae1a3f5 1116d9a217e034d8970ab1455c15e9a4d1420a14 21951b3d64319c4bc411d0b272d08f3f7d951c743b9ee4ef376091d1c24a0401
GET /_nuxt/desktop/default/css/7c3945cb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: text/css
content-length: 17201
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-4331"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7776bd0fd67fd9abab408f00db67fc14-5853858467cb1547-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:25+00:00, 2024-05-10T11:03:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/version.json | 185.244.209.62 | 200 OK | 44 B |
URL GET HTTP/2v3.traincdn.com/version.json IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashaafb9af48d47361d26cbfdeb0412c4d5 b8625bcae99d72993c210edb5f4b5e76b8f55302 22ec42ed599ef43ccd0b24237b1a833617be5c7965f4ddbb6d428de34bd61e7b
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: application/json
content-length: 44
last-modified: Fri, 10 May 2024 12:06:40 GMT
etag: "663e0dd0-2c"
content-encoding: gzip
expires: Fri, 10 May 2024 12:29:12 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3a3fe80105aec959c5d07fc982c460ad-b011982cdb1aa126-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T12:28:52+00:00, 2024-05-10T17:13:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js | 185.244.209.62 | 200 OK | 267 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (61101) Size267 kB (267284 bytes) Hashde196c8e650ca4c514b5fbccb5f0fc2d fe73fce013c7cf22d6c01057981a01947484b020 27db5de650dc124db682f1dcd0bc5b018980cd52f3baaf8e4bab2d74fb9e0b5f
GET /_nuxt/desktop/default/vendors/app-7a457c68.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 267284
last-modified: Fri, 10 May 2024 06:48:56 GMT
etag: "663dc358-41414"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-aa0ab82c5f68b0e10d0ad2724a247d2c-1054d04d0493573a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:25+00:00, 2024-05-10T11:03:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 63748, version 1.0 Hash6887b6f24414dbc612dbf42ccdc76b70 8068d3abfbc6cbf35b55919da45b1f4d2d136238 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-28096dd36221cae848d756c774cb4d25-647ac8be19390c81-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-10T16:19:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 | 185.244.209.62 | 200 OK | 65 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 64732, version 1.0 Hash3ac5d40d1b3966fc5eb09ecca74d9cbf a69f32357765dd321519889aeacba5e9ca893bb0 3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6b2385169db4290587fc16f3c24edd4e-a3251047661cc1bc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-10T16:30:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 63920, version 1.0 Hasha65527fcb58f66a7cfbc0e6b160538b4 45d260e7fa343401b5bb0df982a014f53e2d253b fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-64178c8bd9db37c686751a91667294f5-1bf37330c4988833-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-10T17:06:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/check-ob.js | 185.244.209.62 | 200 OK | 187 B |
URL GET HTTP/2v3.traincdn.com/_nuxt/check-ob.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text Hashced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616
GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Wed, 08 May 2024 10:15:17 GMT
etag: "663b50b5-bb"
content-encoding: gzip
expires: Thu, 09 May 2024 12:58:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a02b61b43f085d4088403e0bf54481cc-9740b4cf9572d87b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:58:12+00:00, 2024-05-10T11:36:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png | 185.244.209.62 | 200 OK | 653 B |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typePNG image data, 32 x 32, 8-bit colormap, non-interlaced Hashe6f0766cbd95db33da44e7a9140648f2 5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0
GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8eb7e4bcb80591c5e53ab757c1a48849-6edeedf1723d76bd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-05-10T16:52:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css | 185.244.209.62 | 200 OK | 12 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hash198419473dc0d0e7251f0ea959786327 d655066cb3b23dfa8618ad29198963fece948aca 7cb4fc9885bcaa6e61a1a44a81cec33f8a3f6b2b928a08fb485f09dfba24c6e2
GET /genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 09:12:07 GMT
etag: W/"e6a26e7156450d40bffd62c65dd8a90c"
content-encoding: gzip
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-76f90fc1490e5ff073dcc7e91b16b335-9b10fc3941d27efd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T09:19:03+00:00, 2024-05-10T16:23:49+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js | 185.244.209.62 | 200 OK | 22 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65476) Hash4df28096a23760aa74cf3b1982ae9476 1b99d6f0622b9da8e46e85df6a0b116a8c1a9943 14e6c442824a6a4230ad98dc5046540ea35f1e7ad21b65b927495df4a54aa715
GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 21899
last-modified: Fri, 10 May 2024 06:48:56 GMT
etag: "663dc358-558b"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-be0d521d36088f7a01aae4fe39feef94-cf5549501c24754c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:36+00:00, 2024-05-10T11:09:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js | 185.244.209.62 | 200 OK | 4.6 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (12527), with no line terminators Hash8113ecbe1d6d4c8904ce977109730f08 70cd411e85297f2d6dcccffba8f633e3c609ca5f 1349cb7987b5ebae2dc20a5ad955120b8983b0059549cd7f3b0db5dbf1c89ce5
GET /_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Fri, 10 May 2024 06:48:56 GMT
etag: "663dc358-11cc"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c1290d266e58e30ab088b53392d4ef09-a204c4524f584612-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:36+00:00, 2024-05-10T11:09:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css | 185.244.209.62 | 200 OK | 953 B |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (3352), with no line terminators Hash748da80084597d87b4ff5e98b017b07b db6ad2ec24bfcbe751a23061d935403e1163f471 4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24
GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: text/css
content-length: 953
last-modified: Fri, 10 May 2024 06:48:56 GMT
etag: "663dc358-3b9"
content-encoding: gzip
expires: Sat, 11 May 2024 11:05:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0d8a7c265b6bef2fab046dd4e0f4c2ba-f3428872fccfd472-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T11:05:18+00:00, 2024-05-10T15:45:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js | 185.244.209.62 | 200 OK | 8.1 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (26717), with no line terminators Hash5e555ad28a7c695afb377a8855610652 8f195d8ff18e3e2d1105587315d8d3102650bf3a b90b7ba895ec988a0b72b9fd21ccc3d8e1d1cc4035f57fc47be6fb00e32caacc
GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Fri, 10 May 2024 06:48:56 GMT
etag: "663dc358-1f77"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-79bd4e0a7eed518641712ac1170997a1-c74e349e6ad57655-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:36+00:00, 2024-05-10T11:09:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js | 185.244.209.62 | 200 OK | 2.1 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (6960), with no line terminators Hash426b4077094d2bf6f0f1feab6aaaaa40 b6ac46785f2225c76aaf65d152456765df824887 864bc0a49b9b457b62b65a8902f9f07305e5010d46df4cc5416dfb8b028c2c09
GET /_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 2121
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-849"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-00cf538c023ed210bb3b76e656c7aee8-7fc7c9b8914958bb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:36+00:00, 2024-05-10T11:22:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js | 185.244.209.62 | 200 OK | 999 B |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (2336), with no line terminators Hash55a903571af1a626a07aa8e6a5d83e1e 744db188996ec7ada8c219355d471d2ed347a9a2 ebd3f27093e1a541034d9c46a308f1273e0480bbeaaccf70f638e95f663c95e6
GET /_nuxt/desktop/default/DC-fcb3e9b4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-3e7"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-da0e94b440329004caeca632aa80ce06-4c90532f5cc1c71c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:34+00:00, 2024-05-10T11:09:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/version.json?timestamp=1715361238954 | 178.253.29.51 | 200 OK | 44 B |
URL GET HTTP/21xlite-461430.top/version.json?timestamp=1715361238954 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashaafb9af48d47361d26cbfdeb0412c4d5 b8625bcae99d72993c210edb5f4b5e76b8f55302 22ec42ed599ef43ccd0b24237b1a833617be5c7965f4ddbb6d428de34bd61e7b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /version.json?timestamp=1715361238954 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1920; SESSION=323393565b119d548b6a7adb60cbcf8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/json
content-length: 44
last-modified: Fri, 10 May 2024 12:06:40 GMT
vary: Accept-Encoding
etag: "663e0dd0-2c"
content-encoding: gzip
expires: Fri, 10 May 2024 17:14:58 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Betting.Core-1a5463fd.js | 185.244.209.62 | 200 OK | 1.5 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/Betting.Core-1a5463fd.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (2333), with no line terminators Hashe5d51c8a6cc9f9c21d69ed8481e5b34c 8efe18ebf6c2a550924453a9157c5e8f19815b79 d16d28fd6cbadfd74016b414f3b0ad534baa0b2d0854aa2c42b1a99fdffea2c4
GET /_nuxt/desktop/default/Betting.Core-1a5463fd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 1500
last-modified: Fri, 10 May 2024 12:02:30 GMT
etag: "663e0cd6-5dc"
content-encoding: gzip
expires: Sat, 11 May 2024 12:33:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e7a663a1d187f1ff62f6c06dd571e429-bbd36d7de856a253-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T12:33:40+00:00, 2024-05-10T12:34:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 | 178.253.29.51 | 200 OK | 141 B |
URL GET HTTP/21xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashbd9be2fa89d26e9e6f1b2e08ffcd0ed6 90eae25ee792254c7ca97e98c5782078f9bdc37f c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1920; SESSION=323393565b119d548b6a7adb60cbcf8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 1096
x-request-id: c7f47058690283aa84b10dcb92e689ef
x-request-guid: c7f47058690283aa84b10dcb92e689ef
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.5311241149902, wf-uht;dur=0.019
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL POST HTTP/21xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashfaf4aa9910181459e4d693c4ba36f519 867bcddd7dd2c7fc4f42a1ac7934b8a9e087e7b2 694311957cf2735125f435316a5352d8ac4b13593b18b60e0bb7ae997875f223
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder
Content-Type: application/json
X-Lang: en
X-Uuid: 3963fe8d-05f6-4187-99a1-43c4bb18ec11
Content-Length: 79
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1920; SESSION=323393565b119d548b6a7adb60cbcf8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js | 185.244.209.62 | 200 OK | 1.5 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (3230), with no line terminators Hash5233ff069edca79a361c0b2b198b55cc ba4364baebab13117998653f970a92b8ee07f900 c738fe5d4a58cfa5164ec13724b158a0021645987ebb534e1a230895b48b2e56
GET /_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-5ab"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6e9816a8d7b312172a4bfea18dbef62f-daf159273eae922a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:34+00:00, 2024-05-10T11:09:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json | 178.253.29.51 | 200 OK | 6.6 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hasheec4805fe0f6e17d5ade92a382f5b068 ca6a26fe8ea31e66c0bef88c4e7f489dce9f9a4b b50904054641c30b6b4ee7ed4290b52022825f2e9e9e3a4a060b8ecddf28c898
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css | 185.244.209.62 | 200 OK | 97 B |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash9deb70dd3fbdc7061ed21c5632fbc55b 22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8 be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9
GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: text/css
content-length: 97
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-61"
content-encoding: gzip
expires: Thu, 09 May 2024 16:43:21 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3d21ff8ba1b20e7300a1251cf4db6d5c-bd7ed190ece913a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T16:43:21+00:00, 2024-05-10T14:11:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js | 185.244.209.62 | 200 OK | 8.5 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (25972) Hash6d75d9fb64764579504c00ce537f6ff1 5661eb661bdef0a6a8bdd029ba5b7b9eb050e15e bf2a87bf4b4484a7ff05c40e1b4c94a316800dedb9445359cda5e43efa825d9f
GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 8522
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-214a"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9f0e175c41e11dc8f5656a3fb42b4f71-0036cacaf87616a8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:34+00:00, 2024-05-10T11:22:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js | 185.244.209.62 | 200 OK | 9.2 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (31683), with no line terminators Hash3ca2554a30cd9245966f39206d05ed01 b7e1bc94b6c370bc32a9b57e52dfac27264afdce ff808bc9910f34faee9d25b4d9dcff5c145337ca0211d762b6c58a08f86512b4
GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 9211
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-23fb"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:24 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ab07feb93ba3d283d2f4663709414195-37e5432ed5639f48-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:24+00:00, 2024-05-10T11:03:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/18cbb15e.css | 185.244.209.62 | 200 OK | 2.8 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/18cbb15e.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (17487), with no line terminators Hash84bb45c3abcedff7cc6be89969118f98 2ceb554b4184bdf42f52eb5ae30709f54bcc2c65 52a55efd24c44c2debeb23bfb2df9d757a49efbe7859067fbae73236f4b950e9
GET /_nuxt/desktop/default/css/18cbb15e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: text/css
content-length: 2812
last-modified: Fri, 10 May 2024 12:02:29 GMT
etag: "663e0cd5-afc"
content-encoding: gzip
expires: Sat, 11 May 2024 12:38:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-59291b4917b7d818e10925badbf016da-815de5b63ae4be02-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T12:38:31+00:00, 2024-05-10T14:11:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-a2245b65.js | 185.244.209.62 | 200 OK | 15 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-a2245b65.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (60018), with no line terminators Hash0f6966081c192c5fabe000e7720d614b 4af5672f3280422389f6612d4370f3619cbfbf8f ecbb7c3eb54c7b698326b3898d600767294885eb3f970ed36447e62dd0f37426
GET /_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-a2245b65.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 14623
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-391f"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7f75d6ea17496092239be3ce9d7ddad1-fd09517e36d5d417-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:34+00:00, 2024-05-10T12:38:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/92a501bf.css | 185.244.209.62 | 200 OK | 2.4 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/92a501bf.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (11783), with no line terminators Hash6c49be4e90aaa352a7a35dc9f0aa9eff 1c74d93488d6a8f1745e6f95e8193a62c05ed740 7a565737116b21c0932994654fd8916144c0926c2bab60f42d36f294af61a32e
GET /_nuxt/desktop/default/css/92a501bf.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: text/css
content-length: 2379
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-94b"
content-encoding: gzip
expires: Sat, 11 May 2024 11:28:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-34c4c0d0ab9d6fa2ef4249e56a5c25e2-336723d0b57efd72-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T11:28:53+00:00, 2024-05-10T14:11:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/registration.Main-86cd3b1b.js | 185.244.209.62 | 200 OK | 23 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/registration.Main-86cd3b1b.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashbe6249a2c8ec352029f063ee89f27475 5e6f27a7e26c7b99e17892563a70592220d81b77 6c2ad4b37c5b7052262f6f1d4cb6c58ab6a1ce5fa8dc13ae315cf3c8faa668f1
GET /_nuxt/desktop/default/registration.Main-86cd3b1b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 23081
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-5a29"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ff350e1ce840ca649738e9695ef40572-0f51dfc0423faa9a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:34+00:00, 2024-05-10T12:38:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css | 185.244.209.62 | 200 OK | 459 B |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (1526), with no line terminators Hash97fdf5b6e7dfddf6ab251e984133b2c3 bb552fe685c52c34e0ed91e4dfaa9df2675ad086 92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3
GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: text/css
content-length: 459
last-modified: Fri, 10 May 2024 06:48:56 GMT
etag: "663dc358-1cb"
content-encoding: gzip
expires: Sat, 11 May 2024 11:05:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-04944b0108bc85731a3121e9d200b64b-a3b284584352bc1a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T11:05:35+00:00, 2024-05-10T16:07:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js | 185.244.209.62 | 200 OK | 17 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators Hash732bde6d360cd7be7ce9ce10044202ba c4fdecf84f6261b354240750525cb9d2a8d87d09 d46270d03f72eb032f9e205e2eedecdf65838a9f474b356b127474f73b66d347
GET /_nuxt/desktop/default/vendors/betting.media-49c46e45.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 16832
last-modified: Fri, 10 May 2024 06:48:56 GMT
etag: "663dc358-41c0"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-db35797a32334789fe61352b02d00f8a-fdb2988b9789a554-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:34+00:00, 2024-05-10T11:22:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js | 185.244.209.62 | 200 OK | 4.7 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (16761), with no line terminators Hashf2263fc2e9f9bff4572f3b1c24a80ab2 efe1b2479e2f34dbe912d9e588759b2787bbc3b9 38444c18d8c24549cc13b2de3a055976ec8f3f238e022739f0b6aef8fa74db9b
GET /_nuxt/desktop/default/betting.media-29872be3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 4727
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-1277"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-55a6fd446ef651771519ae26d61ab947-4e8b72d90e04d9f4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:34+00:00, 2024-05-10T11:22:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css | 185.244.209.62 | 200 OK | 1.5 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (7000), with no line terminators Hashf379bc6f4b94f34d96f6fe51159bee63 f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60 b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11
GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: text/css
content-length: 1486
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5ce"
content-encoding: gzip
expires: Thu, 09 May 2024 14:34:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-39807ab8eadb8c58e1c869aea98b74d5-74124ca677410c0f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T14:34:40+00:00, 2024-05-09T17:15:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/session-api/sessions/user | 178.253.29.51 | 200 OK | 16 B |
URL GET HTTP/21xlite-461430.top/session-api/sessions/user IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash646b2e82b65602d35f7aa6283c387e3a b163a70c5df8e4b0861a23a04f8a6f78393747f4 b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.0979175567627, wf-uht;dur=0.009
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en | 178.253.29.51 | 200 OK | 2 B |
URL GET HTTP/21xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashd751713988987e9331980363e24189ce 97d170e1550eee4afc0af065b78cda302a97674c 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=11.93, dt_total;dur=15.860, wf-uht;dur=0.031
traceparent: 00-6c9a454e8c36a88d26fcc8431c32c41f-443fe93e2779044c-01
x-dt: 285
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 | 178.253.29.51 | 200 OK | 222 B |
URL GET HTTP/21xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashe7c940228799d1f96695b328e468ca9c e5af05addc5a54aa316d8ead06c15e886aea6561 84626d0f6e1da40ed88e58d4d8e6d2998e2cbce21bc197b7b6a66305e94ed867
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/json; charset=utf-8
content-length: 222
x-time-ng: 0.047
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.063
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js | 185.244.209.62 | 200 OK | 2.4 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (6455), with no line terminators Hash9a4be384412c80b7437a28e4029c1fb2 c22adfa2c7e5c07fa8f35643e0cf77083792441d b52c3c4608a1dda0852dac06c440b9932e1134f4cda761c63f24faf3c01ed919
GET /_nuxt/desktop/default/analytics-4b5e21b9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-982"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e3981ba730b70910b2c9978203a8ff02-8d85bfeb449992e4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:34+00:00, 2024-05-10T11:13:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json | 178.253.29.51 | 200 OK | 822 B |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashbe781196159e458a9a157a93f6981363 54b5bb6ddb54aefb6dc1eeeab89afdf48079e959 71bf1763541ee0d4298863f03c291b09029668d448e8077518717b8810ac910f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
content-length: 822
last-modified: Mon, 08 Apr 2024 09:13:00 GMT
etag: "be781196159e458a9a157a93f6981363"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 | 142.250.74.168 | 200 OK | 106 kB |
URL GET HTTP/2www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP142.250.74.168:443
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (10899) Size106 kB (106514 bytes) Hash0af612bb2d2c830131b9d6ff7c1b125d fbc9960a575d6b18d69d2953172c491e7c576537 23932bcc32908a600d5109cdf4eecdcd1c0ef822de063cf94ad81bb2269d329a
GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 17:14:00 GMT
expires: Fri, 10 May 2024 17:14:00 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106514
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.334/285/bonus.svg | 185.244.209.62 | 200 OK | 72 kB |
URL GET HTTP/2v3.traincdn.com/sys-icons/1.0.334/285/bonus.svg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hash529ae2eca25c5de891012494cfee8c6d 860137eea59a720afcb0c4cc093352970f653197 432f52d60ae25f5f351833c4b9d3fd2424ee0bb0f884edd8687c70bde521923b
GET /sys-icons/1.0.334/285/bonus.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"5dfc9cb3b4b0fdaa0ca8f0bebfaf0a6e"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6e24c904cbd5b62c753c62406ad8d768-78d6409f95f130a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-10T12:00:26+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json | 178.253.29.51 | 200 OK | 543 B |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash2f999350fc2eea344d910e8a01de406d bcfeaa8fadc7ca87115d7e36c955bd0df504b8ad c73c55fa3a522662241013a108e6043dd4cde3fbfa2be0ed4a4940582e26ed36
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
content-length: 543
last-modified: Thu, 29 Feb 2024 14:14:28 GMT
etag: "2f999350fc2eea344d910e8a01de406d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.093
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/registration | 178.253.29.51 | 200 OK | 1.5 kB |
URL POST HTTP/21xlite-461430.top/web-api/registration IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash6e01905c19b197bf78e5772939a86da1 7379da54b696e3a67ae3a595514c3ed4c46ba3e9 5bcd01ed1d384fd4c55da5f3ac444ed4d211fe1a282f2e7a9d24edfac18f0f71
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /web-api/registration HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 18
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=34, dt_total;dur=36.990, wf-uht;dur=0.057
traceparent: 00-53a0f7f7d4a3ec2df7c41e82fd4d62f9-1eedad9cf349f9ae-01
x-dt: 285
x-time-ng: 0.037
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses | 178.253.29.51 | 200 OK | 458 B |
URL GET HTTP/21xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash3b95c708633bddc9e7e22d49dad5fc0f a8df6625dbc748880d5d8c7848cf596f3745b87c e23bcc0d393deacc52f246838faf46a23d0bf4cfe70079980e20a4d0a2a80e53
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=19, dt_total;dur=67.930, wf-uht;dur=0.076
traceparent: 00-e6a9b6447ea48124dd3955e8a1b8b87a-2ec032ecef4d9815-01
x-dt: 285
x-time-ng: 0.051
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json | 178.253.29.51 | 200 OK | 958 B |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash24ec1c171afe6836881e2fba1ed559a0 588a08d22de446d484f8f51402994f37ff2527c2 a0c14f5476683e6eb7381c1820c0e914c02911ab9d24170e61548e661017f96f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
content-length: 958
last-modified: Tue, 18 Apr 2023 10:33:32 GMT
etag: "24ec1c171afe6836881e2fba1ed559a0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.059
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json | 178.253.29.51 | 200 OK | 184 B |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash36777c63209967831ddd2926e229b69b 7a59de3bd5fd0406a1becbd4fc6bdb49a996a0fa c2087429233dc14f1ad96cf9b7d1f4ecf0f32fabab7fc37999644a488d10dbc2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
content-length: 184
last-modified: Thu, 09 Nov 2023 06:22:56 GMT
etag: "36777c63209967831ddd2926e229b69b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.056
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json | 178.253.29.51 | 200 OK | 249 B |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash2209ca3135f40bfbb67fd12b887402a9 c50e4585ffcffda7271c68c2685ce7c4eab91138 85d2140ab013caf8951d9bafb1ea7f5e95518e694f095ad43ec3d29926741c36
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
content-length: 249
last-modified: Tue, 05 Sep 2023 10:23:36 GMT
etag: "2209ca3135f40bfbb67fd12b887402a9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.112
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json | 178.253.29.51 | 200 OK | 13 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash82be680bc6bd32b65cef0e3bda368678 5f5ac335405d9c792b43b6aee8d5ab64ac42e5ba 12800d3ad8e368dc1541e334f8f6f669549da16f62b4dae2ebb9929bd88322c7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 30 Oct 2023 14:20:28 GMT
etag: W/"82be680bc6bd32b65cef0e3bda368678"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.061
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css | 185.244.209.62 | 200 OK | 1.1 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (5171), with no line terminators Hash5d231bea9b7df6bc1e9e74e3c0a231e1 2ef607f0c766fff1b4b1e90a2d98e7094c81721e c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b
GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: text/css
content-length: 1050
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-41a"
content-encoding: gzip
expires: Sat, 11 May 2024 08:09:47 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c81f18ceb33d2815ac746ee6a0f3cdea-405e2e93ec06ea0f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T08:09:47+00:00, 2024-05-10T13:31:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js | 185.244.209.62 | 200 OK | 8.9 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (39925), with no line terminators Hash7ddea2d217f72613646d2b7eff8e9d6f ea22eb4a231ac86ed0773f58ff856e1203bed07d 42c2cd82d0a96f636d5f7289a821ad8de15c7da1e57f58c13882da2209d4d576
GET /_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 8881
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-22b1"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c6e557d1a83d59a2b67366e6271bbd5a-3ca8676426f01690-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:35+00:00, 2024-05-10T11:22:53+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js | 172.64.148.184 | 200 OK | 32 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hash82835459a311cc381bd7a3a1d3e98700 f66fd8f8abdef5eff16ea9443995b3dcebd57ab5 40c453e2ed52c20acfa252a756b4b53bf8928e3d7eda408244567a634846f383
GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"12fe9-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 858885
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90288da856c0-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js | 172.64.148.184 | 200 OK | 108 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Size108 kB (107941 bytes) Hashc6d9a19237ab680320a290e64d76bfb0 3250a56ba43ecf780286354e3bdcc5963f12aab1 fe838d898967eb5ef94934fec76241d10f8ddc13d0ed3e84fb34335b43e3fe5f
GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 863166
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90288dae56c0-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js | 172.64.148.184 | 200 OK | 23 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hash628589007decbb72372f385f86f77890 505a6fd34ca6031c895ac37241d5353a0836a3b0 4f8687c07edce7d623f6c07d21b2cb21ba8d572ba5456b658d729012dd50a9b4
GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 863166
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90289db556c0-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/seo-module-api/api/v1/visual?group_id=285&ref_id=1&url=https:%2F%2F1xlite-461430.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-461430.top&timezone=2&stream=user§ion=registration&ref[id]=1&project[id]=285 | 178.253.29.51 | 200 OK | 161 B |
URL GET HTTP/21xlite-461430.top/seo-module-api/api/v1/visual?group_id=285&ref_id=1&url=https:%2F%2F1xlite-461430.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-461430.top&timezone=2&stream=user§ion=registration&ref[id]=1&project[id]=285 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash3d7b1f8050bd6c9b2076897b5abd95be 79a5d500977dd5ceb4eceff5de06bb1b9ee31452 a1a7c55b912c284801f6fb9e45978ddc0e3ecf835298450e572930c9a25f37b9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /seo-module-api/api/v1/visual?group_id=285&ref_id=1&url=https:%2F%2F1xlite-461430.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-461430.top&timezone=2&stream=user§ion=registration&ref[id]=1&project[id]=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
x-geoip2-country-code: ru
sub-request-id: 543f4e11e4714396aefee38879efabdb
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174; _ga_7JGWL9SV66=GS1.1.1715361240.1.1.1715361240.60.0.0; _ga=GA1.1.1767834371.1715361241
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
content-length: 161
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en334c423f2bfcb663063bf3f3184251c5
age: 1046
x-request-id: 585693f0babba3dd09af391fe4ca8bae
x-request-guid: 585693f0babba3dd09af391fe4ca8bae
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.9469261169434, wf-uht;dur=0.011
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.334/285/country.svg | 185.244.209.62 | 200 OK | 62 kB |
URL GET HTTP/2v3.traincdn.com/sys-icons/1.0.334/285/country.svg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash25abd06e6b4cef56aec0fed7a47d5664 00e6efceb4939d5c9461c097cfb4a466a4e4a717 f8251b7b5201025417e2128e34d40fb75c7481df7cc2e9bf00326c00b51100e9
GET /sys-icons/1.0.334/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:28 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2bb1d556053277efbe2a2e20ec64e25d-9d9c610189c83550-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:28+00:00, 2024-05-10T11:13:15+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/sounds/new-message.mp3 | 172.64.148.184 | 200 OK | 30 kB |
URL GET HTTP/2widget.suphelper.top/sounds/new-message.mp3 IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeMPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo Hashef9af24dc7dbd24ffd99c832e1300351 f78744a5013038446c468de14f205f2d52373fd6 5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9
GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:01 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
age: 3192
expires: Fri, 10 May 2024 21:14:01 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881b902dcd5c56c0-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js | 172.64.148.184 | 200 OK | 30 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75
GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 853325
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90288d9c56c0-OSL
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1715361240&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=4224 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/3region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1715361240&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=4224 IP216.239.32.36:443
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1715361240&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=4224 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Fri, 10 May 2024 17:14:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL POST HTTP/21xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash531684180b3933534abef961d6d64eb6 cb0cba8bd590bbb91682316af69289b3dec9cb34 db56109a3704283f27d13395d39eefbf22e4540e35a52c182b3b20614683c7e9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
Content-Type: application/json
X-Lang: en
X-Uuid: 3963fe8d-05f6-4187-99a1-43c4bb18ec11
Content-Length: 196
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174; _ga_7JGWL9SV66=GS1.1.1715361240.1.1.1715361240.60.0.0; _ga=GA1.1.1767834371.1715361241
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:01 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&sid=1715361240&sct=1&seg=1&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=5255 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/3region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&sid=1715361240&sct=1&seg=1&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=5255 IP216.239.32.36:443
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&sid=1715361240&sct=1&seg=1&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=5255 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Fri, 10 May 2024 17:14:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js | 172.64.148.184 | 200 OK | 48 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hash05ab0ac86804545231c092f6f6334621 8cdcfbdc2b4dd3811f39f4607cf5305a19101fa5 d5cc086b836de80c721c5566ef1c24a5a612e1301db279e43759c12ed39fc944
GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 11 Mar 2024 06:37:37 GMT
etag: W/"22695-18e2c3b24d9"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 858885
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90288d9956c0-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js | 172.64.148.184 | 200 OK | 8.4 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hashe004bdaf44e447ad27974c3943fd85e2 c35550b103d562e1f211fa7df58433e8c8951bd5 4a446e9785c5843d53cfa8583cc21269ec2dd2362efa0f3a92e6fcbc542d6dc7
GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 863166
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90288dac56c0-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/f385e6db/_buildManifest.js | 172.64.148.184 | 200 OK | 7.6 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/f385e6db/_buildManifest.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hash84afa12bd94f2be911f829421970766b 1d1043c2d60b0b0de06fdb2cda93ae61c246fcb7 f9e088cda4495b92a8cb114691f81cad00eb398b7eea83543e7558e6ae287b00
GET /_next/static/f385e6db/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"207-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 727584
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90289dbd56c0-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/session | 178.253.29.51 | 204 No Content | 0 B |
URL GET HTTP/21xlite-461430.top/web-api/session IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/session HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174; _ga_7JGWL9SV66=GS1.1.1715361240.1.1.1715361241.59.0.0; _ga=GA1.1.1767834371.1715361241
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 17:14:07 GMT
cache-control: no-cache, private
server-timing: p;dur=17, dt_total;dur=48.303, wf-uht;dur=0.056
traceparent: 00-31870a860930ffc1e78ae92a909f0eb9-3e1f42810052d2ff-01
x-dt: 285
x-time-ng: 0.037
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&sid=1715361240&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=10257 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/3region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&sid=1715361240&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=10257 IP216.239.32.36:443
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&sid=1715361240&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=10257 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Fri, 10 May 2024 17:14:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js | 185.244.209.62 | 200 OK | 66 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators Hashaef3e7e835a99d3035bcd15797cfe9a8 5de336165d341c0601724e9c1051555ad1823207 25e9709b1b46caed0b4303d82fc1ed87763c84d661878f0a9e247c6e8a7c92ef
GET /_nuxt/desktop/default/vendors/conversion-4d6c8249.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 66478
last-modified: Fri, 10 May 2024 06:48:56 GMT
etag: "663dc358-103ae"
content-encoding: gzip
expires: Sat, 11 May 2024 10:52:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f15d2424b74ddea0b46322b623806aab-ed5673fed85d329d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:52:03+00:00, 2024-05-10T11:23:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/hd-api/external/api/web/v1/converslon/load | 178.253.29.51 | 200 OK | 75 kB |
URL GET HTTP/21xlite-461430.top/hd-api/external/api/web/v1/converslon/load IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashd049776506f880738fb3b9a8f7f2837d b2e95c52fe57fdc57afc9af13467ccfc8afbb1e6 7c7ef27d8d011fd4bb7571f56a71474a1140b44ec1e76434a8f1a353869c3f3b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174; _ga_7JGWL9SV66=GS1.1.1715361240.1.1.1715361241.59.0.0; _ga=GA1.1.1767834371.1715361241
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:07 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-5b20b39072afd993856c5f830df55fbc-dcc63d0da58b3dff-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: ae7df3fd3a67bb8ff1af4d9d9e49976a
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=11.352, wf-uht;dur=0.020
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 | 185.244.209.62 | 200 OK | 65 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 64732, version 1.0 Hash3ac5d40d1b3966fc5eb09ecca74d9cbf a69f32357765dd321519889aeacba5e9ca893bb0 3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:08 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ae9bdbb18d75de663629444c39941b4a-e2597b7a50409075-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-10T16:30:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 63920, version 1.0 Hasha65527fcb58f66a7cfbc0e6b160538b4 45d260e7fa343401b5bb0df982a014f53e2d253b fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:08 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-64f2e1128346c8698d070863c41584e6-a142ac736131c6f3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-10T17:06:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/hd-api/external/api/web/v1/j/49af7h857l2k5j42371dccf05900c368c8599fc4d19f5ab99dfc | 178.253.29.51 | 200 OK | 514 B |
URL POST HTTP/21xlite-461430.top/hd-api/external/api/web/v1/j/49af7h857l2k5j42371dccf05900c368c8599fc4d19f5ab99dfc IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashdc78007a2847311261e44acf4fe01891 b12238f7f5bdff1a6ad292e8c1b859ebcbbb9381 a7ec6c578c0a22452666f4538ffc398f67599b6f657ccf80bf7dea336fa5c035
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /hd-api/external/api/web/v1/j/49af7h857l2k5j42371dccf05900c368c8599fc4d19f5ab99dfc HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105916
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174; _ga_7JGWL9SV66=GS1.1.1715361240.1.1.1715361241.59.0.0; _ga=GA1.1.1767834371.1715361241
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:09 GMT
content-type: application/json
content-length: 514
content-encoding: gzip
traceparent: 00-9387a751b85a49abd1b1b5ac7d946388-0b163e2d88d94871-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: e621307f568934468c0cb79a6421a3fe
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=10.015, wf-uht;dur=0.035
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL POST HTTP/21xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash4f6e1eda1d7a20af239840c37e5c3b9f 9c140df2a801069f769a30a5850730fcc4c73b1a 97eeb3b39ad216edb600a9e705e6f485217086778db3cbb9d8848ad542fc76ad
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
Content-Type: application/json
X-Lang: en
X-Uuid: 3963fe8d-05f6-4187-99a1-43c4bb18ec11
Content-Length: 99
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174; _ga_7JGWL9SV66=GS1.1.1715361240.1.1.1715361241.59.0.0; _ga=GA1.1.1767834371.1715361241
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:11 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/injector.js | 172.64.148.184 | 200 OK | 208 kB |
URL GET HTTP/2widget.suphelper.top/injector.js IP172.64.148.184:443
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
Size208 kB (208506 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"32e7a-18f381bf77a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 55
expires: Fri, 10 May 2024 21:13:59 GMT
server: cloudflare
cf-ray: 881b90244f8256c0-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/user/secure | 178.253.29.51 | 200 OK | 58 B |
URL POST HTTP/21xlite-461430.top/web-api/user/secure IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash76399f5e5f638012c16d567a0f57c059 a7503f356a3a343a4988106378855d1eb7e485ec 7dda1a29517b3026343dab84547674d19fc694ab8a74a080d7b82e2f2448ac4e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /web-api/user/secure HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=16, dt_total;dur=17.625, wf-uht;dur=0.029
set-cookie: _glhf=1715379015; expires=Fri, 10-May-2024 18:13:59 GMT; Max-Age=3600; path=/
traceparent: 00-be9e51404ef732b7291e2ec0eb02e8a4-493643c9ba6cd490-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/checker/redirect/stat/run/ | 178.253.29.51 | 200 OK | 39 B |
URL GET HTTP/21xlite-461430.top/checker/redirect/stat/run/ IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash764f7f12d724bf2514249c83bbcad27d 56a72117a1ad467989abfd5a60c97ccdf72b4ea1 94a127746162790d75a0d6a79416bb428db3ed8dbf7997f097c4e10cb132a6df
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-time-ng: 0.006
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.013
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js | 172.64.148.184 | 200 OK | 1.0 MB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size1.0 MB (1015847 bytes) Hash5997e7f54cf2aebf463f16902ccbc7fc 659b9677d6196eabd63ce0feb5f4466accb72df7 08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db
GET /_next/static/chunks/pages/_app-9c47c295eecaa68a.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"f8027-18f381bf92a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 727590
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90288d9e56c0-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715361239 | 178.253.29.51 | 200 OK | 90 B |
URL GET HTTP/21xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715361239 IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typePNG image data, 1 x 1, 8-bit/color RGB, non-interlaced Hashe45f90dcbe718dea3476c4b69b501a4e e9af26a93c467a77e4733ec537f4f5ce7a4ba089 a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/default/img/icons/pixels2.svg?v=1715361239 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=15, dt_total;dur=16.259, wf-uht;dur=0.027
traceparent: 00-ed65ae79fc7659b30f275e32ed7e4902-e245b41ad64437cd-01
x-dt: 285
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| radar.cedexis.com/1/23802/radar.js | 45.54.49.5 | 302 Moved Temporarily | 390 B |
URL GET HTTP/1.1radar.cedexis.com/1/23802/radar.js IP45.54.49.5:443 ASN#63911 NetActuate, Inc
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerDigiCert Inc Subjectradar.cedexis.com Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1 ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 10 May 2024 17:14:00 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 10 May 2024 17:24:00 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT
|
|
| widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js | 172.64.148.184 | 200 OK | 3.8 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeJavaScript source, ASCII text, with very long lines (3855), with no line terminators Hash7288e202ab8e4cf1b7f60eed709e0986 c10effeb29bf129a7c81688b9f3a7d5485272e87 56e695b4675b50d55a92f006109771a67da822050f5ae03fd2ad02c1a9565b58
GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 858885
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90288d9156c0-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder | 178.253.29.51 | 200 OK | 649 kB |
URL User Request GET HTTP/21xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Size649 kB (649067 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=374;desc="Nuxt Server Time", dt_total;dur=410.140, wf-uht;dur=0.428
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Tue, 09 Jul 2024 17:13:57 GMT
reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; Path=/; Expires=Fri, 10 May 2024 18:13:57 GMT
postback_watcher=; Path=/; Expires=Fri, 10 May 2024 17:14:01 GMT
platform_type=desktop; Path=/; Expires=Mon, 13 May 2024 17:13:57 GMT; Secure; SameSite=None; Partitioned
auid=sv0dM2Y+VdUqI4fXAwoqAg==; path=/; secure; httponly; samesite=lax
traceparent: 00-2bd6ddd3bc1529bee1e0f880a10f9744-33faa4a0605cb865-01
vary: Accept-Encoding
x-dt: 285
x-frame-options: SAMEORIGIN
x-time-ng: 0.396
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js | 172.64.148.184 | 200 OK | 37 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeJavaScript source, ASCII text, with very long lines (36674), with no line terminators Hash6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3
GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:01 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"8f42-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 867229
expires: Sat, 10 May 2025 17:14:01 GMT
server: cloudflare
cf-ray: 881b902d2c7d56c0-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/registration/fields | 178.253.29.51 | 200 OK | 32 kB |
URL POST HTTP/21xlite-461430.top/web-api/registration/fields IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash3b5fc74c6bee5ffbc649f663e5f6c1a3 0f00adb4eb180726ecd2abcc2317a29beceb13bd fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=77, dt_total;dur=79.182, wf-uht;dur=0.091
traceparent: 00-6060b4d9b79810f7ba08ea8715456a40-c4bd28ca946b5ced-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.078
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json | 178.253.29.51 | 200 OK | 1.3 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (1430), with no line terminators Hash1a52815ebb77ea854c52f2790c66736a d375a57cee42a534bb41e36d665031d100ce9efc 0c9e8c1ae33dee3e84c55da6583bbff67d591c50a12434bcb4ca0daf27439e7c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 18:28:29 GMT
etag: W/"dfe0c8d8abf7084df9e624f1f4065e59"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V | 142.250.74.168 | 200 OK | 178 kB |
URL GET HTTP/2www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP142.250.74.168:443
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (1822) Size178 kB (178450 bytes) Hash707715426db670f7c6bc20265790f077 a1c63146447691b529bb926431e670ad00734297 1533a689846da4191d09594e2206657fe444097f383a5d7bcbc6d65334718bb8
GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 17:14:00 GMT
expires: Fri, 10 May 2024 17:14:00 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64474
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js | 185.244.209.62 | 200 OK | 32 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-1cd6"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3294db6fa62a7904193cac0d4670da4d-8aa86ac4a8624c27-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:35+00:00, 2024-05-10T11:09:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js | 172.64.148.184 | 200 OK | 92 B |
URL GET HTTP/2widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeASCII text, with no line terminators Hash7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
GET /_next/static/f385e6db/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"5c-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 727590
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90289dc356c0-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-4c15bc83.js | 185.244.209.62 | 200 OK | 19 kB |
URL GET HTTP/2v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-4c15bc83.js IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (18819), with no line terminators Hash5e300d4d611a2b6e79c1200e81c2e1ac 8245599a15c5a7c43efda72285a53b3f0ca64b29 47581d8086ba691325d6cc85816afbe2ad30c5f7d91d4ad81038677f646fb79e
GET /_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-4c15bc83.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 6142
last-modified: Fri, 10 May 2024 06:48:55 GMT
etag: "663dc357-17fe"
content-encoding: gzip
expires: Sat, 11 May 2024 10:51:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d1dd1bf8c1092bab19b8f6fcfbe0e18f-263f181c10b43cb6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-10T10:51:34+00:00, 2024-05-10T11:59:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/ | 172.64.148.184 | 200 OK | 496 kB |
IP172.64.148.184:443
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
Size496 kB (496420 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 881b9025b98d56c0-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json | 178.253.29.51 | 200 OK | 8.1 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (8926), with no line terminators Hash33a8d84b65be76b07b379586ce0f30f4 d3c3a3a7c188444d7c25961a62149b97f9de1725 8cbf747c3e3ffa25baee745930d5855d78ec027e3e0c6e0bc69bfde8bc16aeaa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 13 Dec 2023 14:46:07 GMT
etag: W/"a60fb63e7c35ba8cdb1d0851ff960b1b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.046
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json | 178.253.29.51 | 200 OK | 3.3 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (3653), with no line terminators Hash8bc0581ca207c024d54d75ca53390160 62d322fceed2d7d960548e0b2216a814f68c3b31 a97dc7805fc7bb366b277032e2f95d95418bdde4db7837a7ba9b3b18c9e33e95
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 07 Mar 2024 10:41:59 GMT
etag: W/"becb2e7c22d23ed7b8c378c346c643f1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.334/285/common.svg | 185.244.209.62 | 200 OK | 147 kB |
URL GET HTTP/2v3.traincdn.com/sys-icons/1.0.334/285/common.svg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Size147 kB (146981 bytes) Hash7bf3e9e7d79beac942f5e7748a3af2e6 7c6896ef647506806f2cdbe998d8c9eb845a1754 663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f
GET /sys-icons/1.0.334/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ab92b5726ad58d0ee025cfdcf69f91fc-d197930328eaa3c8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-10T11:09:47+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json | 178.253.29.51 | 200 OK | 3.5 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (3821), with no line terminators Hashf342ac5d01dcda4500f8848382fbf264 7e6b6104b4d0bf5308c9255611771bdb105517de 3710268c1a1858520b32780c7ce6c4bc0e456ce106be2b51c5554663b4c02a41
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 06:25:42 GMT
etag: W/"4ceca6711e35f002e5d82e7e710000c1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.060
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-ui/2.2.15/Desktop/Default/client.css | 185.244.209.62 | 200 OK | 1.6 MB |
URL GET HTTP/2v3.traincdn.com/sys-ui/2.2.15/Desktop/Default/client.css IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Size1.6 MB (1550522 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sys-ui/2.2.15/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:33:06 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713961853.779710121
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:02 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-430b16a3abddf12ea960b996564d64e4-f095c0b9b9e0110d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:02+00:00, 2024-05-10T11:00:01+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json | 178.253.29.51 | 200 OK | 14 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash5f6393bd6febc268d33cb235c7eec194 819eb4409582bcea038e527fd5859dde2d13e0e7 9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 06:21:55 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json | 178.253.29.51 | 200 OK | 499 B |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (548), with no line terminators Hashc1574b1ad8ae9c853e29a24f9ced1c91 10ecbaca4fef4ab5b8adade0599ed34932c6f02b e60bd60736dd06de64d6901d8cd810dcf4a88049f27f948b55871264c3bb89d9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
content-length: 499
last-modified: Mon, 05 Jun 2023 14:13:26 GMT
etag: "e3d17d66f9e675ca9273e04470203275"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.063
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json | 178.253.29.51 | 200 OK | 182 B |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with no line terminators Hash1354132df8a5034bcda597127952730c def2db205153babd3de7ea018e4189613aa8ddf6 c7cf9d8f1480c29d3f88a61151a62980f07c279eca2e94748f2d2dd1fa3a5c42
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
content-length: 182
last-modified: Tue, 11 Apr 2023 17:53:40 GMT
etag: "e4c69ca8e3916987138c95a26642f53a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png | 185.244.209.62 | 200 OK | 5.2 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typePNG image data, 514 x 514, 8-bit colormap, non-interlaced Hashb9a636eef54b2844b571fe7de49184a7 bf653690790ced40eb3189da075a275d951d1607 001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743
GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-03T07:12:40+00:00
traceparent: 00-946ff6b189b81aefbb18f52719f398cf-cda0bb740e84a4c1-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715361240&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=3970 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/2region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715361240&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=3970 IP216.239.32.36:443
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66>m=45je4580v897130004za200&_p=1715361240028&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1767834371.1715361241&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715361240&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_172463m_21123c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D23141506_d26145_l73404_clickunder&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=3970 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Fri, 10 May 2024 17:14:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json | 178.253.29.51 | 200 OK | 1.0 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (1143), with no line terminators Hash533208f94c3264028f9329b6fbb58515 3f0caf33232924706c8a783e08d747ed9107826b 6fa6b3635c5a9a1e019c99d1d217f74a8aba28d8ffd260db817ef1079644a7b5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 26 Jun 2023 07:10:34 GMT
etag: W/"f117f2ecd3a10db0e2d79159b68fcf2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.078
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/api/v3/bonuses/first-deposit | 178.253.29.51 | 200 OK | 426 B |
URL GET HTTP/21xlite-461430.top/web-api/api/v3/bonuses/first-deposit IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (464), with no line terminators Hash2d9b04c0ee3ec015e9094ce942ed9139 eebc58e94d15401f9c6737a4908018fd833d94ee dea4bd3b63fac017709162cd44048f725c21396da41d2cfdc235812fcf2eb6fc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=47, dt_total;dur=63.838, wf-uht;dur=0.077
traceparent: 00-54b119d1d7c56d2324f864a31ad79b2f-a44bd91691a83d20-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.058
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json | 178.253.29.51 | 200 OK | 1.5 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (1638), with no line terminators Hash1c21f311ce7d2fce86538083de17fbcc ac92eb66bd5dc5221bb1c6106f951876b3fa083c 5298ed1b0e5f830e5fcc0e7247e439bfacf590a5a30eae05fcc49dfcae2d0d4d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 12 May 2023 15:17:16 GMT
etag: W/"b0a50f5239a6ca38097f89684eae43e4"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json | 178.253.29.51 | 200 OK | 12 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash9e5da15e44d6b6bab0cfc7c07ba9495d 4a67254b45112089d0833028de0c9c81acb930a3 0d51ae7eaa1511001f9b8b562a49d1b55d177a655f26035364485f02d5384af9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Sat, 20 Apr 2024 09:17:16 GMT
etag: W/"9e5da15e44d6b6bab0cfc7c07ba9495d"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js | 172.64.148.184 | 200 OK | 481 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size481 kB (480579 bytes) Hash46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c
GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 853325
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90288da556c0-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js | 172.64.148.184 | 200 OK | 77 B |
URL GET HTTP/2widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeASCII text, with no line terminators Hashb6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
GET /_next/static/f385e6db/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"4d-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 727590
expires: Sat, 10 May 2025 17:14:00 GMT
server: cloudflare
cf-ray: 881b90289dc256c0-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg | 185.244.209.62 | 200 OK | 1.2 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hasha436db0af736498349f0127d8e7fab1e b07e2c449cf16ddb052ce40d881db13a0c890b9b 93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede
GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:57 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a505fc8a0060151887a38f6157f35094-dfa4f8de0d6144fb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-05-10T16:39:50+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2298d22689-f22f-46c5-9909-308d9f188e3e%22%7D | 172.64.148.184 | 200 OK | 24 B |
URL GET HTTP/2widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2298d22689-f22f-46c5-9909-308d9f188e3e%22%7D IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashd6bacfff68d40ad2744454c2506cc0f9 85f1f094d174fd4d78bd382c7948b95e9db93215 cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed
GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2298d22689-f22f-46c5-9909-308d9f188e3e%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:14:01 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 881b902d1c7756c0-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1767834371.1715361241>m=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1332121334 | 142.250.74.163 | 200 OK | 42 B |
URL GET HTTP/2www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1767834371.1715361241>m=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1332121334 IP142.250.74.163:443
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerGoogle Trust Services LLC Subject*.google.no Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97 ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1767834371.1715361241>m=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1332121334 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 17:14:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| radar.cedexis.com/1707728419/stub.js | 45.54.49.5 | 200 OK | 390 B |
URL GET HTTP/1.1radar.cedexis.com/1707728419/stub.js IP45.54.49.5:443 ASN#63911 NetActuate, Inc
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerDigiCert Inc Subjectradar.cedexis.com Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1 ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (401), with no line terminators Hash41f91def4fb1d0becfdad5450e17dba6 17135e0326da4c71d38c2b07e230fa6ffdf16ba4 2b3a3cd4c97d33ddba33c7ac624b311cd035b41391ae3fab3a6bd5ca6f384a9f
GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:14:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Fri, 24 May 2024 17:14:01 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip
|
|
| 1xlite-461430.top/web-api/api/web/v1/config/actualDomain | 178.253.29.51 | 200 OK | 269 B |
URL GET HTTP/21xlite-461430.top/web-api/api/web/v1/config/actualDomain IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (309), with no line terminators Hash215d4ec41a2eef4892f50668a08d78b5 679c59d35660def6d7f69ef1ba474d68d92610c7 0a89b52963ad8bfdbef544205e0302670992919f2a89583905c2a264ae8e2c7b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:58 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=49, dt_total;dur=50.649, wf-uht;dur=0.063
set-cookie: SESSION=323393565b119d548b6a7adb60cbcf8b; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-9e4310e8be128b3dfa096bc262c0bdf0-1008976ae6d0be12-01
x-dt: 285
x-time-ng: 0.050
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sfiles/games-images/game-animations/game-169-animation.svg | 185.244.209.62 | 200 OK | 4.2 kB |
URL GET HTTP/2v3.traincdn.com/sfiles/games-images/game-animations/game-169-animation.svg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashe107d9fb1f38d0b15700497cf3223da1 66d09ecd5e413d1f1fd49f80e1a2d37419027b57 5050d6b6eb38087b261f95553c3f840989f479d1b778bf8652475b1d09d8abdd
GET /sfiles/games-images/game-animations/game-169-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:13:59 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Jan 2024 08:41:21 GMT
etag: W/"6b19d39f5180df62c717cfa7d870e7ed"
x-amz-meta-origin-date-iso8601: 2024-01-12T15:52:06.000Z
expires: Fri, 10 May 2024 00:01:03 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-68e16da2ccc12d183f87093681dbcbd3-4c0915f2f51f830a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T00:01:03+00:00, 2024-05-10T00:07:41+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json | 178.253.29.51 | 200 OK | 2.6 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (2854), with no line terminators Hashecacc4d3ca1ba475ef20875ff4225f06 528aa5b0070cfcd78034449c40533e51278cba2a 328065b0030c77de9cafba92ec86d89b32ca55f32a3a251cdb7687f1f44c4859
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 14:59:39 GMT
etag: W/"269ccea9c3f07d37d497b4911e5d6e0b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json | 178.253.29.51 | 200 OK | 2.0 kB |
URL GET HTTP/21xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/registration?tag=d_172463m_21123c_[]MS[]null[]reg[]general[]23141506_d26145_l73404_clickunder CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeASCII text, with very long lines (2238), with no line terminators Hash9c6d751199ab5a88d2386a29567eb98e 4af37f69630e8f542f1b30280ee561c07c83107f cdc297778845a4c68445e25e9829bb406511d4da094fb4e9ba03fe9704b4ec99
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_172463m_21123c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D23141506_d26145_l73404_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dM2Y+VdUqI4fXAwoqAg==; window_width=1280; SESSION=323393565b119d548b6a7adb60cbcf8b; che_g=83d25893-fa21-413b-f48d-8285a4088b2d; _glhf=1715379015; sh.session.id=98d22689-f22f-46c5-9909-308d9f188e3e; ggru=174
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 17:14:00 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 28 Nov 2023 09:26:45 GMT
etag: W/"dad3a9b077bc630619a2f0a6422b65ae"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
|
|