Report - pezaurwebut.de/bd2df8ab-33a7-44b4-adb7-a405d7b098ed

Report Overview

Submitted URL
pezaurwebut.de/bd2df8ab-33a7-44b4-adb7-a405d7b098ed
IP
164.90.253.124
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2024-05-10 06:18:54
Access
public
Website Title
1xBet registration ᐉ Sign up 1xBet ᐉ 1xlite-461430.top
Final URL
1xlite-461430.top/en/registration?type=fast
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
80

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
e1.o.lencr.org	6159	2020-06-29	2021-08-20	2024-05-09	326 B	728 B	23.33.119.57
pezaurwebut.de	unknown	unknown	2024-03-25	2024-04-18	505 B	306 B	164.90.253.124
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-05-09	824 B	1.2 kB	45.54.49.5
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-05-02	6.8 kB	1.7 MB	172.64.148.184
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-09	4.0 kB	1.7 kB	216.239.32.36
www.google.no	25607	2001-02-26	2016-04-05	2024-05-09	588 B	580 B	142.250.74.163
1xlite-461430.top	unknown	2023-08-11	2023-08-11	2024-05-09	49 kB	1.1 MB	178.253.29.51
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-05-07	24 kB	3.0 MB	185.244.209.62
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-09	1.3 kB	498 kB	142.250.74.168
refpaucqkl.top	unknown	2019-05-08	2019-06-07	2023-08-29	581 B	674 kB	45.135.120.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed
2024-05-10	medium	1xlite-461430.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (57)

	URL	Size	First Seen	Last Seen
	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js	3.2 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-13 08:08:48 Times Seen25 Hash 5233ff069edca79a361c0b2b198b55cc ba4364baebab13117998653f970a92b8ee07f900 c738fe5d4a58cfa5164ec13724b158a0021645987ebb534e1a230895b48b2e56 Loading...

	widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js	77 B	2023-03-07	2024-05-20
Pretty URL widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-20 15:06:40 Times Seen87696 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js	955 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-13 08:08:48 Times Seen25 Hash de196c8e650ca4c514b5fbccb5f0fc2d fe73fce013c7cf22d6c01057981a01947484b020 27db5de650dc124db682f1dcd0bc5b018980cd52f3baaf8e4bab2d74fb9e0b5f Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js	894 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-13 08:08:48 Times Seen26 Hash eb4f34c1bf9c9befda1bf247f5e1df5b 334210525b8a7dad9cf37084c56194190961b67f f6dbc277c6f693b6ce346441312122bcfd288f3c93c550e9922ec3ddc128e28e Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js	17 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen26 Hash f2263fc2e9f9bff4572f3b1c24a80ab2 efe1b2479e2f34dbe912d9e588759b2787bbc3b9 38444c18d8c24549cc13b2de3a055976ec8f3f238e022739f0b6aef8fa74db9b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-4c15bc83.js	19 kB	2024-05-10	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-4c15bc83.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:18:58 Last Seen2024-05-13 08:08:48 Times Seen10 Hash 5e300d4d611a2b6e79c1200e81c2e1ac 8245599a15c5a7c43efda72285a53b3f0ca64b29 47581d8086ba691325d6cc85816afbe2ad30c5f7d91d4ad81038677f646fb79e Loading...

	v3.traincdn.com/_nuxt/desktop/default/registration.Main-86cd3b1b.js	85 kB	2024-05-10	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/registration.Main-86cd3b1b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:18:58 Last Seen2024-05-13 08:08:48 Times Seen10 Hash be6249a2c8ec352029f063ee89f27475 5e6f27a7e26c7b99e17892563a70592220d81b77 6c2ad4b37c5b7052262f6f1d4cb6c58ab6a1ce5fa8dc13ae315cf3c8faa668f1 Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-20 12:33:19 Times Seen279 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-20
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-20 12:33:21 Times Seen331 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js	56 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-13 08:08:48 Times Seen25 Hash 732bde6d360cd7be7ce9ce10044202ba c4fdecf84f6261b354240750525cb9d2a8d87d09 d46270d03f72eb032f9e205e2eedecdf65838a9f474b356b127474f73b66d347 Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-20
Pretty URL widget.suphelper.top/ IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-20 12:33:19 Times Seen2143 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push	522 B	2024-05-10	2024-05-10
Pretty URL 1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 08:18:58 Last Seen2024-05-10 08:18:58 Times Seen1 Hash 65a17b2c274eba65ce6645565266445b 42ca1be052e1b69097119d311f73e95cb71047fe cb2ea6c298016ee36f3bf645d5b5cbc95cf02cc7c131e12739809d9c41fdee8b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js	12 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 8113ecbe1d6d4c8904ce977109730f08 70cd411e85297f2d6dcccffba8f633e3c609ca5f 1349cb7987b5ebae2dc20a5ad955120b8983b0059549cd7f3b0db5dbf1c89ce5 Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-20 12:33:21 Times Seen640 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	widget.suphelper.top/_next/static/f385e6db/_buildManifest.js	519 B	2024-04-25	2024-05-20
Pretty URL widget.suphelper.top/_next/static/f385e6db/_buildManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-20 12:33:19 Times Seen167 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	unknown	44 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen974 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c	325 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:18:58 Last Seen2024-05-10 08:18:59 Times Seen2 Hash df88e5c580213ba8f69ceb4aa0fb8b2c 8c9ac2edb8a604ee494007309c56cae3cb89e853 3a68dcec8a4e3234fc3605cc319ee57a6cc69a5b63109dba144e49657b385566 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js	198 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-13 08:08:48 Times Seen22 Hash aef3e7e835a99d3035bcd15797cfe9a8 5de336165d341c0601724e9c1051555ad1823207 25e9709b1b46caed0b4303d82fc1ed87763c84d661878f0a9e247c6e8a7c92ef Loading...

	unknown	34 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen985 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	unknown	39 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen977 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js	138 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 414c44a4caf31196b27b1c5c11628879 2536bdd8d54c6f619dc0a200015d9a7b95c08f90 07a1a14bccef15bc4e72f798aa8ae3c18decb59c7ad601832305f8180d3d3b54 Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js	6.5 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen23 Hash 9a4be384412c80b7437a28e4029c1fb2 c22adfa2c7e5c07fa8f35643e0cf77083792441d b52c3c4608a1dda0852dac06c440b9932e1134f4cda761c63f24faf3c01ed919 Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-20 12:33:21 Times Seen648 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	unknown	47 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen974 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js	7.0 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 426b4077094d2bf6f0f1feab6aaaaa40 b6ac46785f2225c76aaf65d152456765df824887 864bc0a49b9b457b62b65a8902f9f07305e5010d46df4cc5416dfb8b028c2c09 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js	27 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:51 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 5e555ad28a7c695afb377a8855610652 8f195d8ff18e3e2d1105587315d8d3102650bf3a b90b7ba895ec988a0b72b9fd21ccc3d8e1d1cc4035f57fc47be6fb00e32caacc Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js	26 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:52 Last Seen2024-05-13 08:08:48 Times Seen23 Hash 6d75d9fb64764579504c00ce537f6ff1 5661eb661bdef0a6a8bdd029ba5b7b9eb050e15e bf2a87bf4b4484a7ff05c40e1b4c94a316800dedb9445359cda5e43efa825d9f Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js	32 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-13 08:08:48 Times Seen24 Hash 3ca2554a30cd9245966f39206d05ed01 b7e1bc94b6c370bc32a9b57e52dfac27264afdce ff808bc9910f34faee9d25b4d9dcff5c145337ca0211d762b6c58a08f86512b4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js	2.3 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen24 Hash 55a903571af1a626a07aa8e6a5d83e1e 744db188996ec7ada8c219355d471d2ed347a9a2 ebd3f27093e1a541034d9c46a308f1273e0480bbeaaccf70f638e95f663c95e6 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-a2245b65.js	60 kB	2024-05-10	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-a2245b65.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:18:59 Last Seen2024-05-13 08:08:48 Times Seen10 Hash 0f6966081c192c5fabe000e7720d614b 4af5672f3280422389f6612d4370f3619cbfbf8f ecbb7c3eb54c7b698326b3898d600767294885eb3f970ed36447e62dd0f37426 Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-20 12:33:21 Times Seen3275 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-20 12:33:21 Times Seen2570 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-20 12:33:21 Times Seen273 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Registration-13772f3f.js	6.4 kB	2024-05-10	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Registration-13772f3f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:18:59 Last Seen2024-05-13 08:08:48 Times Seen10 Hash c0dd1b5bcbd80bd6814765358f7029f8 2022d074e0bbc6542fb874e65199102397803dea a52644cb8fbc4a291ed25cd7ca7f4eefb4bab807b0abf3fa6c2d009e4ce4b209 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js	8.7 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 17c159eb9f582ec9da7a4285b37349f0 652f12e3c4cfdad29cff1f06e709f0d18522d8ae 3562960610c72291435591709c1b63b69ad67f4d2462cbf180241330b7486bea Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-20
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-20 12:33:20 Times Seen309 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-20
Pretty URL widget.suphelper.top/injector.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-20 12:33:19 Times Seen1055 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js	77 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:55 Last Seen2024-05-13 08:08:48 Times Seen26 Hash 4df28096a23760aa74cf3b1982ae9476 1b99d6f0622b9da8e46e85df6a0b116a8c1a9943 14e6c442824a6a4230ad98dc5046540ea35f1e7ad21b65b927495df4a54aa715 Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-20 12:33:21 Times Seen646 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	unknown	96 B	2023-12-06	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-20 12:33:19 Times Seen992 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	178 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:18:59 Last Seen2024-05-10 08:18:59 Times Seen2 Hash 227c8d0b397811f4b534774cfe8f6daa c264aace6d383d096e20c8e9e2094d2bfa7a83ca f5e61b16e187fa8c1ec5551771e4367f5875d5352c28655ab8f10333b398eb24 Loading...

	1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push	924 B	2024-02-25	2024-05-20
Pretty URL 1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-20 12:33:19 Times Seen166 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js	40 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-13 08:08:49 Times Seen21 Hash 7ddea2d217f72613646d2b7eff8e9d6f ea22eb4a231ac86ed0773f58ff856e1203bed07d 42c2cd82d0a96f636d5f7289a821ad8de15c7da1e57f58c13882da2209d4d576 Loading...

	unknown	47 B	2023-04-14	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-20 12:33:19 Times Seen972 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js	92 B	2023-03-07	2024-05-20
Pretty URL widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-20 12:33:21 Times Seen8047 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	1xlite-461430.top/polyfills.js	0 B	2023-03-07	2024-05-20
Pretty URL 1xlite-461430.top/polyfills.js IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 15:19:33 Times Seen37879260 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js	47 kB	2024-05-08	2024-05-10
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:54 Last Seen2024-05-10 08:18:59 Times Seen14 Hash 9d26081d0b3d4583fb993964e34ebc20 7354028aab0bc7bf47ae19a8ad043a5b963ac9b4 9c88d5d68f360228d938c9d263160133a15c53fd5d7989317406b54a662b469d Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js	2.5 kB	2024-05-08	2024-05-10
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-10 08:18:59 Times Seen14 Hash a961fc2d8c225c0cc2dc814175a9d9e4 9293a62e3d0f4ab392dfef6f7f7172cb9889a724 a33381e13222f9cb4ab741177e3ad9ed83e3eca14864fac385a8fc4440ff2d90 Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-20 12:33:21 Times Seen2556 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push	641 kB	2024-05-10	2024-05-10
Pretty URL 1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 08:18:59 Last Seen2024-05-10 08:18:59 Times Seen1 Hash b01bdebc6842f7e0610dadc537f414cf 912d8569d703b52ba0585855348dc90a28917d7b 33d78bdc7fdd80547870ba71df4a6e2f2640dc749a57531626c92bc3cbadba42 Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	325 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:18:59 Last Seen2024-05-10 08:18:59 Times Seen1 Hash c7a7165eff52835bf1372933c7febcf4 905d5d6b5d9fa9f7b7f6197c237f99c7e429d0cd 98f57ecdba6a47c802c4d50770b6e1c171c9f5831d253ce9f4d7944951ec0388 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js	32 kB	2024-05-08	2024-05-13
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 13:29:53 Last Seen2024-05-13 08:08:48 Times Seen21 Hash f044c79cdd766337de9617cef4fef708 e09d93c3c6e5c605672e36ea0ae6ba3c71b0f4ff abbf8ee5d929d76e03e4d3b8bc13d82fdc5688908e45a8217740b3c7a0c593eb Loading...

	1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push	9.7 kB	2024-05-02	2024-05-10
Pretty URL 1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 22:56:29 Last Seen2024-05-10 21:41:04 Times Seen16 Hash ef8971a9d0c53049fbb16dab028c9ab7 68e89ca54afcc5eee7ab30fe0555264634f3a998 880234dd3ff3ec221fa504277c6826c5085502d86eccaf740873e37fd2878348 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-20
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-20 12:33:19 Times Seen992 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-20
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-20 12:33:19 Times Seen2093 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js	1.0 MB	2024-05-02	2024-05-15
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 12:28:02 Last Seen2024-05-15 07:03:13 Times Seen91 Hash 5997e7f54cf2aebf463f16902ccbc7fc 659b9677d6196eabd63ce0feb5f4466accb72df7 08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4e6b7ab706be86951ca2c73096d28588	30 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 08:18:59 Last Seen2024-05-10 08:18:59 Times Seen1 Hash 4e6b7ab706be86951ca2c73096d28588 8629d8661236120b356fecd474884cd700132cff 8bb2e6503b4ec7c8ebbce3396b2c676c0ef03c8183b9dda85c2df8a0e0bdaf2e Loading...

HTTP Transactions (119)

URL IP Response Size

e1.o.lencr.org/

23.33.119.57

344 B

URL
e1.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
2d97654162356ec6112a0d1eb3b824d6
27540147c8b5a8cd4ed505f65a008c876f056ad6
15df0eba9f748c6d220becb8b81b236cc164bd06234c43c34595fe755c695688

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "15DF0EBA9F748C6D220BECB8B81B236CC164BD06234C43C34595FE755C695688"
Last-Modified: Thu, 09 May 2024 11:06:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 10 May 2024 12:18:24 GMT
Date: Fri, 10 May 2024 06:18:24 GMT
Connection: keep-alive

pezaurwebut.de/bd2df8ab-33a7-44b4-adb7-a405d7b098ed

164.90.253.124

0 B

URL
pezaurwebut.de/bd2df8ab-33a7-44b4-adb7-a405d7b098ed
IP
164.90.253.124:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bd2df8ab-33a7-44b4-adb7-a405d7b098ed HTTP/1.1
Host: pezaurwebut.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
server: nginx
date: Fri, 10 May 2024 06:18:24 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://refpaucqkl.top/L?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push&site=1249669&ad=4096&r=registration/
referrer-policy: no-referrer

1xlite-461430.top/polyfills.js

178.253.29.51

200 OK

0 B

URL GET HTTP/2
1xlite-461430.top/polyfills.js
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-e2ae0378.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47215), with no line terminators
Size
15 kB (14754 bytes)
Hash
9d26081d0b3d4583fb993964e34ebc20
7354028aab0bc7bf47ae19a8ad043a5b963ac9b4
9c88d5d68f360228d938c9d263160133a15c53fd5d7989317406b54a662b469d

HTTP Headers

GET /_nuxt/desktop/default/runtime-e2ae0378.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 14754
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-39a2"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a03aa9ac5484cf82c968e0699ec10244-c48cb1a2c3b02804-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css

185.244.209.62

200 OK

591 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2490), with no line terminators
Size
591 B (591 bytes)
Hash
7375a1956830f97b2481314bf1f0e199
7c30df38c6465e78813dc2aea95eb086bb832630
2acc171311243f36d7410ebd2b41ac7d7c7899c861153198217e7e91d3d9e4cf

HTTP Headers

GET /_nuxt/desktop/default/css/6ee8a9e4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: text/css
content-length: 591
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-24f"
content-encoding: gzip
expires: Fri, 10 May 2024 09:42:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0b2f06b70d664b236dd9bd375127c00f-f58471aa2f8dd55f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T09:42:06+00:00, 2024-05-10T03:25:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Registration-13772f3f.js

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Registration-13772f3f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6350), with no line terminators
Size
2.2 kB (2237 bytes)
Hash
c0dd1b5bcbd80bd6814765358f7029f8
2022d074e0bbc6542fb874e65199102397803dea
a52644cb8fbc4a291ed25cd7ca7f4eefb4bab807b0abf3fa6c2d009e4ce4b209

HTTP Headers

GET /_nuxt/desktop/default/Page.Registration-13772f3f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 2237
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8bd"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:20 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e7fdad0f1a9986f298f0f8ff3929efcf-d73bc4070d59b01c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:20+00:00, 2024-05-09T11:16:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js

185.244.209.62

200 OK

2.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8663), with no line terminators
Size
2.5 kB (2474 bytes)
Hash
17c159eb9f582ec9da7a4285b37349f0
652f12e3c4cfdad29cff1f06e709f0d18522d8ae
3562960610c72291435591709c1b63b69ad67f4d2462cbf180241330b7486bea

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-8edfaabe.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 2474
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-9aa"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3b843c8a92a9f73f88de95d43cfde201-8018625c4eab819c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
2cd3f78b7436d35d9fdd280a6c37a814
75c2e07d96ac86b0dc9a6d51aa04bf5a5b621390
ade3cb62a485106ca99a2f19aa6c711b36cf9a2bfabca0a8443fa2ab547805b2

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 09 May 2024 07:16:12 GMT
etag: "663c783c-2c"
content-encoding: gzip
expires: Thu, 09 May 2024 08:13:18 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9766de4aa89f1bdba50c6db6bc2e098d-71ecbeaa7274ac55-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T08:12:18+00:00, 2024-05-10T06:17:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3226 bytes)
Hash
9e9b190c1ab8126c2576203d5d43ec63
a80ccb6739023605edbd86be13f38a58ff7f4906
c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02

HTTP Headers

GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: text/css
content-length: 3226
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-c9a"
content-encoding: gzip
expires: Fri, 10 May 2024 09:58:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a605d18cfa850abfc05a2d7463d47798-fe866542c410726d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T09:58:03+00:00, 2024-05-09T10:43:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css

185.244.209.62

200 OK

46 B

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
f506188b04c16eaa9c664ed23f7ce58e
08d068d7fa5a84beb06ba924a35d84d6bfdab30a
b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9

HTTP Headers

GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2a8faffb1508bfc5b424847f05076304-0b4adb8ca9fd3ee1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-10T05:22:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/commons/app-e695e102.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46806 bytes)
Hash
414c44a4caf31196b27b1c5c11628879
2536bdd8d54c6f619dc0a200015d9a7b95c08f90
07a1a14bccef15bc4e72f798aa8ae3c18decb59c7ad601832305f8180d3d3b54

HTTP Headers

GET /_nuxt/desktop/default/commons/app-e695e102.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 46806
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-b6d6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cc5e5dcfb8f71087be0db2989a6fb1ed-81b6e77d5aca2394-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9958), with no line terminators
Size
2.3 kB (2277 bytes)
Hash
76a1e3dd8e25bf9a48bdd896de779d20
38c3643e25808d1f3ab167273201eac8c113c088
aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273

HTTP Headers

GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: text/css
content-length: 2277
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-8e5"
content-encoding: gzip
expires: Thu, 09 May 2024 11:28:05 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-56b2429d64c32e0908b58eb9f5dd0a2f-009c383d821cb970-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:28:05+00:00, 2024-05-09T12:11:11+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css

185.244.209.62

17 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/7c3945cb.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
17 kB (17201 bytes)
Hash
97b6f81b90460841531e21dceae1a3f5
1116d9a217e034d8970ab1455c15e9a4d1420a14
21951b3d64319c4bc411d0b272d08f3f7d951c743b9ee4ef376091d1c24a0401

HTTP Headers

GET /_nuxt/desktop/default/css/7c3945cb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: text/css
content-length: 17201
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-4331"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b7b5d43b6bffad33fce6272965b314de-976c247c6dc9997a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js

185.244.209.62

200 OK

267 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/app-7a457c68.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
267 kB (267284 bytes)
Hash
de196c8e650ca4c514b5fbccb5f0fc2d
fe73fce013c7cf22d6c01057981a01947484b020
27db5de650dc124db682f1dcd0bc5b018980cd52f3baaf8e4bab2d74fb9e0b5f

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-7a457c68.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 267284
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41414"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e5e8780b26cf14cfe9a846f421da66d2-30e9269c0a46b3e8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js

185.244.209.62

200 OK

234 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-80fd9d0c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
234 kB (233875 bytes)
Hash
eb4f34c1bf9c9befda1bf247f5e1df5b
334210525b8a7dad9cf37084c56194190961b67f
f6dbc277c6f693b6ce346441312122bcfd288f3c93c550e9922ec3ddc128e28e

HTTP Headers

GET /_nuxt/desktop/default/app-80fd9d0c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 233875
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-39193"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bbf2cdfae98e582a4efff0c2c90323fa-bc1f7e3a4ca54979-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1d210cb6a3bf6e0e9727da979e40c739-79c5d824749071c6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-10T05:21:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2852667457031fc6cc1b7bbe15759a4d-1aa1515c6c54d9a0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-10T06:12:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-63251c95df2f081b9a9273b015fb3cef-5fbd92aed51a31bd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-10T06:02:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

200 OK

187 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Wed, 08 May 2024 10:15:17 GMT
etag: "663b50b5-bb"
content-encoding: gzip
expires: Thu, 09 May 2024 12:58:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f18eb655a869d07d7481b618b91788b6-853e671e26b2c0de-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:58:12+00:00, 2024-05-09T11:36:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d31363753c5a2f30b09206dc3f155f2a-dddf2c9c33158dd7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-05-10T06:12:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21899 bytes)
Hash
4df28096a23760aa74cf3b1982ae9476
1b99d6f0622b9da8e46e85df6a0b116a8c1a9943
14e6c442824a6a4230ad98dc5046540ea35f1e7ad21b65b927495df4a54aa715

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-7105a632.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 21899
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-558b"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d3105dc15d2c5a00e38c2aa41a9e6c3f-380d29d4712a9024-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js

185.244.209.62

200 OK

4.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
8113ecbe1d6d4c8904ce977109730f08
70cd411e85297f2d6dcccffba8f633e3c609ca5f
1349cb7987b5ebae2dc20a5ad955120b8983b0059549cd7f3b0db5dbf1c89ce5

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-99e14113.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-11cc"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-51d367a947ef72641809d7e98358a629-e209d423adc91598-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

200 OK

953 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: text/css
content-length: 953
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-3b9"
content-encoding: gzip
expires: Thu, 09 May 2024 11:05:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6c1754fba848da4e69b2c03e44d3eacc-15213c1e35590804-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:05:15+00:00, 2024-05-09T15:40:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js

185.244.209.62

200 OK

8.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8055 bytes)
Hash
5e555ad28a7c695afb377a8855610652
8f195d8ff18e3e2d1105587315d8d3102650bf3a
b90b7ba895ec988a0b72b9fd21ccc3d8e1d1cc4035f57fc47be6fb00e32caacc

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-2e14a47d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1f77"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2afd913f0361ebe3f8a81fe08ee63cca-3f40686f7dac7e56-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2121 bytes)
Hash
426b4077094d2bf6f0f1feab6aaaaa40
b6ac46785f2225c76aaf65d152456765df824887
864bc0a49b9b457b62b65a8902f9f07305e5010d46df4cc5416dfb8b028c2c09

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-4919f2b6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 2121
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-849"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-eb03322d125b2eef1001a35f3d15ebbb-144126c2a6f9045e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:19:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js

185.244.209.62

200 OK

999 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DC-fcb3e9b4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Size
999 B (999 bytes)
Hash
55a903571af1a626a07aa8e6a5d83e1e
744db188996ec7ada8c219355d471d2ed347a9a2
ebd3f27093e1a541034d9c46a308f1273e0480bbeaaccf70f638e95f663c95e6

HTTP Headers

GET /_nuxt/desktop/default/DC-fcb3e9b4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-3e7"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7a6f0b975e3d99e5f920cb97bc3e3435-1054286134685bb4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/web/v1/config/actualDomain

178.253.29.51

200 OK

176 B

URL GET HTTP/2
1xlite-461430.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
176 B (176 bytes)
Hash
e90508cca101d9cb990de4c1ac272162
f2eff8d50f5d46fb966acd5ce6eae0e6928698f5
11d2a39f89bd0f2c2d4bce0007c223e73a00e54ac7423b3eff9ceec40b477e99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=45, dt_total;dur=48.381, wf-uht;dur=0.060
set-cookie: SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-5a1ab5887d1d0bd61e8a809943facac3-e45082a60c8589af-01
x-dt: 285
x-time-ng: 0.047
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285

178.253.29.51

200 OK

141 B

URL GET HTTP/2
1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
141 B (141 bytes)
Hash
bd9be2fa89d26e9e6f1b2e08ffcd0ed6
90eae25ee792254c7ca97e98c5782078f9bdc37f
c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1920; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 1386
x-request-id: dd3b0de07336df1429d6671f91046fbd
x-request-guid: dd3b0de07336df1429d6671f91046fbd
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.5380382537842, wf-uht;dur=0.010
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
acf745a0940643303bf3e52dfb2b7c1a
2ee710f1497fcc7b2c37754d63cd1f0129c62be9
29d6c4dd3191e957f9bc0807b8967cf5fb9c8f3fee3bb8a6a247a90439d3f40e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Content-Type: application/json
X-Lang: en
X-Uuid: b44aa386-ea63-4120-8ca5-79e22c488045
Content-Length: 80
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1920; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js

185.244.209.62

200 OK

1.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-f89d33f6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2508), with no line terminators
Size
1.6 kB (1645 bytes)
Hash
a961fc2d8c225c0cc2dc814175a9d9e4
9293a62e3d0f4ab392dfef6f7f7172cb9889a724
a33381e13222f9cb4ab741177e3ad9ed83e3eca14864fac385a8fc4440ff2d90

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-f89d33f6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 1645
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-66d"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f13b2262bbffbe1f5b548d919013ba7a-04c26a07f9c85a4e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3230), with no line terminators
Size
1.5 kB (1451 bytes)
Hash
5233ff069edca79a361c0b2b198b55cc
ba4364baebab13117998653f970a92b8ee07f900
c738fe5d4a58cfa5164ec13724b158a0021645987ebb534e1a230895b48b2e56

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-c7b965b1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5ab"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-36a51f2f16e1d60488ff024166810c15-5dd73c3ff067958a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:25+00:00, 2024-05-09T11:07:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-4c15bc83.js

185.244.209.62

6.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-4c15bc83.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (18819), with no line terminators
Size
6.1 kB (6142 bytes)
Hash
5e300d4d611a2b6e79c1200e81c2e1ac
8245599a15c5a7c43efda72285a53b3f0ca64b29
47581d8086ba691325d6cc85816afbe2ad30c5f7d91d4ad81038677f646fb79e

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-4c15bc83.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 6142
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-17fe"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9bac50fb896d6e5d4823b0b1098fc97c-bcbd8cf436088e72-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:16:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

200 OK

97 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
97 B (97 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: text/css
content-length: 97
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-61"
content-encoding: gzip
expires: Thu, 09 May 2024 16:43:21 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-69699689d3a9ae79bd63e7266168778c-bd3327fd2045f96c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T16:43:21+00:00, 2024-05-09T14:05:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js

185.244.209.62

200 OK

8.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
8.5 kB (8522 bytes)
Hash
6d75d9fb64764579504c00ce537f6ff1
5661eb661bdef0a6a8bdd029ba5b7b9eb050e15e
bf2a87bf4b4484a7ff05c40e1b4c94a316800dedb9445359cda5e43efa825d9f

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3f250b35.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 8522
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-214a"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a642cdf2c1bd40722caf72674d65291f-f8f0b302aec0f8f1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js

185.244.209.62

200 OK

9.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31683), with no line terminators
Size
9.2 kB (9211 bytes)
Hash
3ca2554a30cd9245966f39206d05ed01
b7e1bc94b6c370bc32a9b57e52dfac27264afdce
ff808bc9910f34faee9d25b4d9dcff5c145337ca0211d762b6c58a08f86512b4

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-7740bd53.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 9211
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-23fb"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-49dc2da57de877f0a615a665da59a330-c4ff805d069b0f37-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:18+00:00, 2024-05-09T10:59:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/18cbb15e.css

185.244.209.62

200 OK

2.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/18cbb15e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (17487), with no line terminators
Size
2.8 kB (2812 bytes)
Hash
84bb45c3abcedff7cc6be89969118f98
2ceb554b4184bdf42f52eb5ae30709f54bcc2c65
52a55efd24c44c2debeb23bfb2df9d757a49efbe7859067fbae73236f4b950e9

HTTP Headers

GET /_nuxt/desktop/default/css/18cbb15e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: text/css
content-length: 2812
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-afc"
content-encoding: gzip
expires: Thu, 09 May 2024 12:38:17 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ec072473236526fab5cef42947ee9571-f17735f2bd11b613-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T12:38:17+00:00, 2024-05-09T14:06:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-a2245b65.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-a2245b65.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (60018), with no line terminators
Size
15 kB (14623 bytes)
Hash
0f6966081c192c5fabe000e7720d614b
4af5672f3280422389f6612d4370f3619cbfbf8f
ecbb7c3eb54c7b698326b3898d600767294885eb3f970ed36447e62dd0f37426

HTTP Headers

GET /_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-a2245b65.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 14623
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-391f"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1b8c7883f57bc17a8acf2f4b3486fbd6-b509de88e2114018-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:16:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/92a501bf.css

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/92a501bf.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (11783), with no line terminators
Size
2.4 kB (2379 bytes)
Hash
6c49be4e90aaa352a7a35dc9f0aa9eff
1c74d93488d6a8f1745e6f95e8193a62c05ed740
7a565737116b21c0932994654fd8916144c0926c2bab60f42d36f294af61a32e

HTTP Headers

GET /_nuxt/desktop/default/css/92a501bf.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: text/css
content-length: 2379
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-94b"
content-encoding: gzip
expires: Thu, 09 May 2024 11:28:28 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fc1d9b1c0b35a246e8519785ca55aeb5-c77ab2dd08887863-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:28:28+00:00, 2024-05-09T14:06:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

200 OK

459 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: text/css
content-length: 459
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cb"
content-encoding: gzip
expires: Thu, 09 May 2024 11:05:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-50e25a5983cbf4d4fbd1e76274590a2f-5d5af27011ef9d87-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T11:05:33+00:00, 2024-05-09T15:53:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/registration.Main-86cd3b1b.js

185.244.209.62

200 OK

23 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/registration.Main-86cd3b1b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (23081 bytes)
Hash
be6249a2c8ec352029f063ee89f27475
5e6f27a7e26c7b99e17892563a70592220d81b77
6c2ad4b37c5b7052262f6f1d4cb6c58ab6a1ce5fa8dc13ae315cf3c8faa668f1

HTTP Headers

GET /_nuxt/desktop/default/registration.Main-86cd3b1b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 23081
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5a29"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9d44c80b7355b5672b57148f98c2b3f9-fecc48b98bbe552b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:16:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-49c46e45.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16832 bytes)
Hash
732bde6d360cd7be7ce9ce10044202ba
c4fdecf84f6261b354240750525cb9d2a8d87d09
d46270d03f72eb032f9e205e2eedecdf65838a9f474b356b127474f73b66d347

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-49c46e45.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 16832
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41c0"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e8b3ee13136670a2ad04faf8458692b3-94aef0314a25a7fc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7000), with no line terminators
Size
1.5 kB (1486 bytes)
Hash
f379bc6f4b94f34d96f6fe51159bee63
f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60
b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: text/css
content-length: 1486
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-5ce"
content-encoding: gzip
expires: Thu, 09 May 2024 14:34:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3e1edaddc83118285ef92ca434f8eeff-2837b9147362a641-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T14:34:40+00:00, 2024-05-09T17:15:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.media-29872be3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4727 bytes)
Hash
f2263fc2e9f9bff4572f3b1c24a80ab2
efe1b2479e2f34dbe912d9e588759b2787bbc3b9
38444c18d8c24549cc13b2de3a055976ec8f3f238e022739f0b6aef8fa74db9b

HTTP Headers

GET /_nuxt/desktop/default/betting.media-29872be3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 4727
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1277"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d99d4e960fe77119bf2a17e9b8d0214f-2ef9e97db9898b3d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:07:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.51

200 OK

222 B

URL GET HTTP/2
1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
222 B (222 bytes)
Hash
e7c940228799d1f96695b328e468ca9c
e5af05addc5a54aa316d8ead06c15e886aea6561
84626d0f6e1da40ed88e58d4d8e6d2998e2cbce21bc197b7b6a66305e94ed867

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/json; charset=utf-8
content-length: 222
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-461430.top/session-api/sessions/user

178.253.29.51

200 OK

16 B

URL GET HTTP/2
1xlite-461430.top/session-api/sessions/user
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.1730194091797, wf-uht;dur=0.010
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.51

200 OK

2 B

URL GET HTTP/2
1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=12.39, dt_total;dur=66.564, wf-uht;dur=0.074
traceparent: 00-a5edea6c9ccbc392c673f36f8f20d796-3035aa56e2bdcc51-01
x-dt: 285
x-time-ng: 0.040
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/checker/redirect/stat/run/

178.253.29.51

200 OK

14 B

URL GET HTTP/2
1xlite-461430.top/checker/redirect/stat/run/
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.084
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/analytics-4b5e21b9.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6455), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
9a4be384412c80b7437a28e4029c1fb2
c22adfa2c7e5c07fa8f35643e0cf77083792441d
b52c3c4608a1dda0852dac06c440b9932e1134f4cda761c63f24faf3c01ed919

HTTP Headers

GET /_nuxt/desktop/default/analytics-4b5e21b9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-982"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9723bd0b25c33ad6ab88e03bded89186-0efff8582fafeecd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:07:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715321908

178.253.29.51

200 OK

107 kB

URL GET HTTP/2
1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715321908
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
107 kB (106563 bytes)
Hash
fcda65fdda97082160216491355ea8ec
1ce32f62284b4f6dc852b4eed452dbed4decf54a
b195ba516f0ab8950a1498f3a201162451f1465526d6ac15f44bd1e13542cb07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1715321908 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=15, dt_total;dur=49.800, wf-uht;dur=0.058
traceparent: 00-0755aaf67fb654941bb242124668734e-bb8da49f161324fa-01
x-dt: 285
x-time-ng: 0.041
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.168

200 OK

64 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
64 kB (64472 bytes)
Hash
227c8d0b397811f4b534774cfe8f6daa
c264aace6d383d096e20c8e9e2094d2bfa7a83ca
f5e61b16e187fa8c1ec5551771e4367f5875d5352c28655ab8f10333b398eb24

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 06:18:28 GMT
expires: Fri, 10 May 2024 06:18:28 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64472
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

154 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 10 May 2024 06:18:28 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 10 May 2024 06:28:28 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c

142.250.74.168

200 OK

106 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
106 kB (106462 bytes)
Hash
df88e5c580213ba8f69ceb4aa0fb8b2c
8c9ac2edb8a604ee494007309c56cae3cb89e853
3a68dcec8a4e3234fc3605cc319ee57a6cc69a5b63109dba144e49657b385566

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 06:18:28 GMT
expires: Fri, 10 May 2024 06:18:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106462
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json

178.253.29.51

200 OK

543 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
543 B (543 bytes)
Hash
2f999350fc2eea344d910e8a01de406d
bcfeaa8fadc7ca87115d7e36c955bd0df504b8ad
c73c55fa3a522662241013a108e6043dd4cde3fbfa2be0ed4a4940582e26ed36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/json
content-length: 543
last-modified: Thu, 29 Feb 2024 14:14:28 GMT
etag: "2f999350fc2eea344d910e8a01de406d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json

178.253.29.51

200 OK

822 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
822 B (822 bytes)
Hash
be781196159e458a9a157a93f6981363
54b5bb6ddb54aefb6dc1eeeab89afdf48079e959
71bf1763541ee0d4298863f03c291b09029668d448e8077518717b8810ac910f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
content-length: 822
last-modified: Mon, 08 Apr 2024 09:13:00 GMT
etag: "be781196159e458a9a157a93f6981363"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json

178.253.29.51

499 B

URL
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
499 B (499 bytes)
Hash
e3d17d66f9e675ca9273e04470203275
e676da597ad577652921e9af98e79b986ec158ae
5c26acb3823aedc062268da24385061135d42171888bb5f5a0a8f63ba09c67d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
content-length: 499
last-modified: Mon, 05 Jun 2023 14:13:26 GMT
etag: "e3d17d66f9e675ca9273e04470203275"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json

178.253.29.51

200 OK

182 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
182 B (182 bytes)
Hash
e4c69ca8e3916987138c95a26642f53a
411149ef1233c191122618916dc7fa4965a30f7c
9bbbe99b83a20d3d0bd65ab0b343de560c6d437a74a4835786bbd6a58bb0e08e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
content-length: 182
last-modified: Tue, 11 Apr 2023 17:53:40 GMT
etag: "e4c69ca8e3916987138c95a26642f53a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json

178.253.29.51

200 OK

958 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
958 B (958 bytes)
Hash
24ec1c171afe6836881e2fba1ed559a0
588a08d22de446d484f8f51402994f37ff2527c2
a0c14f5476683e6eb7381c1820c0e914c02911ab9d24170e61548e661017f96f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
content-length: 958
last-modified: Tue, 18 Apr 2023 10:33:32 GMT
etag: "24ec1c171afe6836881e2fba1ed559a0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json

178.253.29.51

200 OK

184 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
184 B (184 bytes)
Hash
36777c63209967831ddd2926e229b69b
7a59de3bd5fd0406a1becbd4fc6bdb49a996a0fa
c2087429233dc14f1ad96cf9b7d1f4ecf0f32fabab7fc37999644a488d10dbc2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
content-length: 184
last-modified: Thu, 09 Nov 2023 06:22:56 GMT
etag: "36777c63209967831ddd2926e229b69b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json

178.253.29.51

200 OK

675 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
675 B (675 bytes)
Hash
b0a50f5239a6ca38097f89684eae43e4
9610ba54f85b3199d09ccbaf5c3439cff43bf28a
5f96d5a91935d8a7f975d433db80afb8a995edc61ad2d8cbb0161b80dc7aec56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 12 May 2023 15:17:16 GMT
etag: W/"b0a50f5239a6ca38097f89684eae43e4"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json

178.253.29.51

200 OK

110 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
110 kB (109758 bytes)
Hash
a60fb63e7c35ba8cdb1d0851ff960b1b
eced63a14d178fbb15f60fcc61e97bc8cfc3fb98
2ddc5a56c47ad52370f349a00393b0cfd6385b858a1f9df75a4e0b39e0a06d53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 13 Dec 2023 14:46:07 GMT
etag: W/"a60fb63e7c35ba8cdb1d0851ff960b1b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json

178.253.29.51

200 OK

30 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
30 kB (29914 bytes)
Hash
5f6393bd6febc268d33cb235c7eec194
819eb4409582bcea038e527fd5859dde2d13e0e7
9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 06:21:55 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json

178.253.29.51

200 OK

856 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
856 B (856 bytes)
Hash
4ceca6711e35f002e5d82e7e710000c1
1bd282f8a354b362b4a860ef3fa2fb915f9211a8
cbb3ecf2ae1465a5d387c3e4582a5bafa1368c96db6ad3cdef0951a363dd9f0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 06:25:42 GMT
etag: W/"4ceca6711e35f002e5d82e7e710000c1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32231), with no line terminators
Size
7.4 kB (7382 bytes)
Hash
f044c79cdd766337de9617cef4fef708
e09d93c3c6e5c605672e36ea0ae6ba3c71b0f4ff
abbf8ee5d929d76e03e4d3b8bc13d82fdc5688908e45a8217740b3c7a0c593eb

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-95a46df4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-1cd6"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c37d0a64deb9b0379646ef02262a4ca0-3167bb37ee5b5dd3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:07:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5171), with no line terminators
Size
1.1 kB (1050 bytes)
Hash
5d231bea9b7df6bc1e9e74e3c0a231e1
2ef607f0c766fff1b4b1e90a2d98e7094c81721e
c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b

HTTP Headers

GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: text/css
content-length: 1050
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-41a"
content-encoding: gzip
expires: Fri, 10 May 2024 08:09:42 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4431eefbde5fae5e326cd4354dee97e4-5b29c044ca85d2b3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T08:09:42+00:00, 2024-05-09T13:02:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js

172.64.148.184

200 OK

11 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (50458), with no line terminators
Size
11 kB (10584 bytes)
Hash
f5ed46389d31b72ac076aa20f77a8ee6
6e1ba5bc563d5e9f64671e90d259513e6a846c99
e48a9f13163b959c5004ce7a0ea77399015ff9edfb8025b2d5c382e7a4bfbddc

HTTP Headers

GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 823835
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec3ba1b4ed-OSL
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/registration/fields

178.253.29.51

200 OK

37 kB

URL POST HTTP/2
1xlite-461430.top/web-api/registration/fields
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
37 kB (36569 bytes)
Hash
3b5fc74c6bee5ffbc649f663e5f6c1a3
0f00adb4eb180726ecd2abcc2317a29beceb13bd
fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=100, dt_total;dur=103.234, wf-uht;dur=0.115
traceparent: 00-7425b41c69f79dfc23499303ae10d1b2-02f7cf35be5b0862-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.102
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_buildManifest.js

172.64.148.184

200 OK

774 B

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_buildManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
774 B (774 bytes)
Hash
11abdf9d43fd240a0f8578536afa86e9
4774557400594d19c655b70953866ec831147e45
8ab4f252d94739f4be7b56d8c97be0af29a3476e6cd18c429bab431c7362e644

HTTP Headers

GET /_next/static/f385e6db/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"207-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 688253
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec3badb4ed-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-03T07:12:40+00:00
traceparent: 00-81e108e1a912dd1affc314b1c1452543-dd5a7d6d002e27a7-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

172.64.148.184

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
expires: Fri, 10 May 2024 10:18:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817cfefcf7ab4ed-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/

172.64.148.184

200 OK

91 kB

URL GET HTTP/2
widget.suphelper.top/
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (42433), with no line terminators
Size
91 kB (91105 bytes)
Hash
74239ca9059544ab39ecc19dee9a2ab2
3ceff8ed7ead8d6c1f7b145560c2d086d490fb29
7c993a4737312c9dd9ce1408c01a912f198d12d625f0f854bffc2c6ba25559a3

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:28 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8817cfea69cfb4ed-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1715321909&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=4820

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1715321909&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=4820
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1715321909&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=4820 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Fri, 10 May 2024 06:18:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
fd56e3ab092eaa1f57eacb80a1f68076
fe738a2c263e16287c2a9ec9e7e3454a15544c64
cadb558593fbdb560913eaed93e7044abcef1d6cb2bced0323ef2e08e3bbe351

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
Content-Type: application/json
X-Lang: en
X-Uuid: b44aa386-ea63-4120-8ca5-79e22c488045
Content-Length: 187
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc; _ga_7JGWL9SV66=GS1.1.1715321909.1.1.1715321910.59.0.0; _ga=GA1.1.822375198.1715321909
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:30 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

172.64.148.184

200 OK

9.7 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (36674), with no line terminators
Size
9.7 kB (9733 bytes)
Hash
6782c8abf3d14391f6ed5c805a973cf5
a08b255c0084e14d74199f5af64522ffaba14486
88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"8f42-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 827897
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfef3ecdb4ed-OSL
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&sid=1715321909&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=10855

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&sid=1715321909&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=10855
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&sid=1715321909&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=10855 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Fri, 10 May 2024 06:18:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1xlite-461430.top/web-api/session

178.253.29.51

204 No Content

0 B

URL GET HTTP/2
1xlite-461430.top/web-api/session
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc; _ga_7JGWL9SV66=GS1.1.1715321909.1.1.1715321910.59.0.0; _ga=GA1.1.822375198.1715321909
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 06:18:36 GMT
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=19.835, wf-uht;dur=0.027
traceparent: 00-587e176757904576eae821556cd8a7db-b12113dd9fdd1e71-01
x-dt: 285
x-time-ng: 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js

185.244.209.62

200 OK

66 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-4d6c8249.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
66 kB (66478 bytes)
Hash
aef3e7e835a99d3035bcd15797cfe9a8
5de336165d341c0601724e9c1051555ad1823207
25e9709b1b46caed0b4303d82fc1ed87763c84d661878f0a9e247c6e8a7c92ef

HTTP Headers

GET /_nuxt/desktop/default/vendors/conversion-4d6c8249.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 66478
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-103ae"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-04e0241dc47a0fa1650b5d4a79dbe7d6-f06623db8fe59106-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:45+00:00, 2024-05-09T11:07:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/converslon/load

178.253.29.51

200 OK

18 kB

URL GET HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
gzip compressed data
Size
18 kB (17901 bytes)
Hash
9919f9af2027355ddda3f9584aa7adc8
6f6901b5ee91ac316fdf3376baa40acac39c796c
132591008acd52e989820ae9d584a007efbb51603543f3cf010e3b3a3bc2b37a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc; _ga_7JGWL9SV66=GS1.1.1715321909.1.1.1715321910.59.0.0; _ga=GA1.1.822375198.1715321909
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:36 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-0d9c4fe9b7194194a29ec62b7e8ddad4-a69a54adb887901c-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 6fd0e5e7424726a561072354e89920f3
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=4.181, wf-uht;dur=0.012
X-Firefox-Spdy: h2

widget.suphelper.top/injector.js

172.64.148.184

200 OK

135 kB

URL GET HTTP/2
widget.suphelper.top/injector.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
135 kB (135083 bytes)
Hash
f3185991b1ad4b83556586bcea430581
44df3189d284feaecc9a2fb83e1492c8e7236017
ffffe52393dd85014edd61f35929bf28149d1d17375f72857b1dca9c214618eb

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"32e7a-18f381bf77a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 15
expires: Fri, 10 May 2024 10:18:28 GMT
server: cloudflare
cf-ray: 8817cfe82f12b4ed-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js

172.64.148.184

200 OK

65 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
65 kB (64844 bytes)
Hash
bc7199b00dd431a780f8c77cd4267e58
ac3dd83bff814a255339bec657950c501873bf1f
0ffa1448129c0f11f5449d3083a894a1ce8b0996a22dffd59194729a06ecfffd

HTTP Headers

GET /_next/static/f385e6db/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"5c-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 688259
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec5bcdb4ed-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/v3/bonuses/first-deposit

178.253.29.51

200 OK

64 kB

URL GET HTTP/2
1xlite-461430.top/web-api/api/v3/bonuses/first-deposit
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
64 kB (64143 bytes)
Hash
6c497f6fefa1ff03d2b3f026ca9ea1b2
67708749c2923ee8fb64f119bfe6601df89cc754
62d6341764aac9fa45a7c7c304e969a0408d60f679d5142d0faa28e178d132c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=37, dt_total;dur=49.740, wf-uht;dur=0.064
traceparent: 00-fc8176591bd38b1af122dd7c4a31fe5f-5be0a50e09e91d73-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.039
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/j/f79l7m2j1l6e26921761b2755cf2e71f4e855e6a6e7c014dba0f

178.253.29.51

200 OK

516 B

URL POST HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/j/f79l7m2j1l6e26921761b2755cf2e71f4e855e6a6e7c014dba0f
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
516 B (516 bytes)
Hash
7dc06f570a5f1532d0bb67a2284afa9d
3fd90a6e309392e6f5b46c05eefa7dd44ed7071b
3fb2e72df3c8ee858a70928b7679de1fcea8e7aeb7f503f99f00a5cfd10e6ccd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/f79l7m2j1l6e26921761b2755cf2e71f4e855e6a6e7c014dba0f HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105916
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc; _ga_7JGWL9SV66=GS1.1.1715321909.1.1.1715321910.59.0.0; _ga=GA1.1.822375198.1715321909
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:38 GMT
content-type: application/json
content-length: 516
content-encoding: gzip
traceparent: 00-0b7f172ec347380ec5938838e86939ad-e9fee4da9d50d8c1-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 71ab9d9383ab989488926f016dede66e
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=6.530, wf-uht;dur=0.029
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
b2867cec6cbcdd8f061d9586d3e0c0cc
3090d759de18163750ab018d32f9078e70ef3e71
2f4c3a62e4de3b1c129d2bcdc607ee89de31fe4af0135ca2ca30b4111b236b46

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
Content-Type: application/json
X-Lang: en
X-Uuid: b44aa386-ea63-4120-8ca5-79e22c488045
Content-Length: 99
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc; _ga_7JGWL9SV66=GS1.1.1715321909.1.1.1715321910.59.0.0; _ga=GA1.1.822375198.1715321909
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:39 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json

178.253.29.51

200 OK

2.0 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with very long lines (2238), with no line terminators
Size
2.0 kB (2039 bytes)
Hash
9c6d751199ab5a88d2386a29567eb98e
4af37f69630e8f542f1b30280ee561c07c83107f
cdc297778845a4c68445e25e9829bb406511d4da094fb4e9ba03fe9704b4ec99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 28 Nov 2023 09:26:45 GMT
etag: W/"dad3a9b077bc630619a2f0a6422b65ae"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js

185.244.209.62

200 OK

40 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (39925), with no line terminators
Size
40 kB (39925 bytes)
Hash
7ddea2d217f72613646d2b7eff8e9d6f
ea22eb4a231ac86ed0773f58ff856e1203bed07d
42c2cd82d0a96f636d5f7289a821ad8de15c7da1e57f58c13882da2209d4d576

HTTP Headers

GET /_nuxt/desktop/default/vendors/Registration.Fields-8e394611.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 8881
last-modified: Wed, 08 May 2024 10:16:12 GMT
etag: "663b50ec-22b1"
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cf1c5c20c36cbfa5a47238afba483e1e-f1c6ad7d7531bb36-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:07:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json

178.253.29.51

200 OK

1.3 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with very long lines (1430), with no line terminators
Size
1.3 kB (1290 bytes)
Hash
1a52815ebb77ea854c52f2790c66736a
d375a57cee42a534bb41e36d665031d100ce9efc
0c9e8c1ae33dee3e84c55da6583bbff67d591c50a12434bcb4ca0daf27439e7c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 18:28:29 GMT
etag: W/"dfe0c8d8abf7084df9e624f1f4065e59"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json

178.253.29.51

200 OK

36 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
36 kB (36003 bytes)
Hash
82be680bc6bd32b65cef0e3bda368678
5f5ac335405d9c792b43b6aee8d5ab64ac42e5ba
12800d3ad8e368dc1541e334f8f6f669549da16f62b4dae2ebb9929bd88322c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 30 Oct 2023 14:20:28 GMT
etag: W/"82be680bc6bd32b65cef0e3bda368678"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715321909&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=4573

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715321909&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=4573
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715321909&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=4573 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Fri, 10 May 2024 06:18:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.168

200 OK

325 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
325 kB (325204 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 06:18:28 GMT
expires: Fri, 10 May 2024 06:18:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106473
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js

172.64.148.184

200 OK

77 B

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
b6652df95db52feb4daf4eca35380933
65451d110137761b318c82d9071c042db80c4036
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

HTTP Headers

GET /_next/static/f385e6db/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"4d-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 688259
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec5bc8b4ed-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2205d6a35c-42b5-4e19-a6e9-48e71e883ffc%22%7D

172.64.148.184

200 OK

24 B

URL GET HTTP/2
widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2205d6a35c-42b5-4e19-a6e9-48e71e883ffc%22%7D
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
d6bacfff68d40ad2744454c2506cc0f9
85f1f094d174fd4d78bd382c7948b95e9db93215
cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed

HTTP Headers

GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2205d6a35c-42b5-4e19-a6e9-48e71e883ffc%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8817cfef2eaab4ed-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=822375198.1715321909&gtm=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=309193970

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=822375198.1715321909&gtm=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=309193970
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97
ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=822375198.1715321909&gtm=45je4580v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=309193970 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 06:18:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json

178.253.29.51

200 OK

2.1 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with very long lines (2345), with no line terminators
Size
2.1 kB (2128 bytes)
Hash
f28a40d30a99fab8a5ccced08db52f77
063e77333797a10e097679a1e4d17269fc6d3b6b
a46ea2afe2103a473c90b17137f840e29d578a74d191daac521d45e9d3cf1d6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

172.64.148.184

200 OK

78 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77801 bytes)
Hash
dc6852529f28802d37affa5953d07260
4edd220fe8df4b009a1775ebe57f19d40999659f
4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"12fe9-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 819554
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec3b9eb4ed-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.334/285/bonus.svg

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.334/285/bonus.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
16 kB (16347 bytes)
Hash
5dfc9cb3b4b0fdaa0ca8f0bebfaf0a6e
26203d2e2202d3235df633980f2ff038142c7a56
79196fff489b0c355e20bb232694b9df71bc6a4a905cb9018afdce4d7eb0ee30

HTTP Headers

GET /sys-icons/1.0.334/285/bonus.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"5dfc9cb3b4b0fdaa0ca8f0bebfaf0a6e"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:27 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f44947c6ba4852468022cd1f59310117-fd7044a5dd8f519f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:27+00:00, 2024-05-09T11:16:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with very long lines (2854), with no line terminators
Size
2.6 kB (2589 bytes)
Hash
ecacc4d3ca1ba475ef20875ff4225f06
528aa5b0070cfcd78034449c40533e51278cba2a
328065b0030c77de9cafba92ec86d89b32ca55f32a3a251cdb7687f1f44c4859

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 14:59:39 GMT
etag: W/"269ccea9c3f07d37d497b4911e5d6e0b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

172.64.148.184

200 OK

3.8 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (3855), with no line terminators
Size
3.8 kB (3792 bytes)
Hash
7288e202ab8e4cf1b7f60eed709e0986
c10effeb29bf129a7c81688b9f3a7d5485272e87
56e695b4675b50d55a92f006109771a67da822050f5ae03fd2ad02c1a9565b58

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 819554
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec2b92b4ed-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

172.64.148.184

200 OK

481 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
481 kB (480579 bytes)
Hash
46260bb46d51262abee818c0c3bcf1c6
fe3be222aec74704fad1fa2559788b1fa287094a
20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 813994
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec3b9ab4ed-OSL
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/registration

178.253.29.51

200 OK

3.8 kB

URL POST HTTP/2
1xlite-461430.top/web-api/registration
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
Unicode text, UTF-8 text, with very long lines (4058), with no line terminators
Size
3.8 kB (3772 bytes)
Hash
c91b62d7c02f9f0a08ae126457f5b01a
62b4b29ff1bb55e5a2e89a45c59ad009cfb1de4c
409a0c79e02712ab1e645817fcd05b5875bd78467177e1def855088a823e04e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 18
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=33, dt_total;dur=58.791, wf-uht;dur=0.070
traceparent: 00-6c4d85836196253faf4790526902c87e-df38f8061fe9600c-01
x-dt: 285
x-time-ng: 0.049
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.334/285/country.svg

185.244.209.62

200 OK

178 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.334/285/country.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
178 kB (178404 bytes)
Hash
60caf0d666af828706b3d83c428a31e4
0f687988f8e835cb514794a4dbf7bb98613865f2
493ff1845dd1167680740cc525f4fb69ecdc4332265e83e76c26296a5001a602

HTTP Headers

GET /sys-icons/1.0.334/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:28 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4649f35d93b79115e74e8e23f44a6f43-52e509151f48cd4b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:28+00:00, 2024-05-09T11:07:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/user/secure

178.253.29.51

200 OK

58 B

URL POST HTTP/2
1xlite-461430.top/web-api/user/secure
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
a562b152e566d70ecb3a61995f6b4ccb
162447650fef94a4b449212a95c1e311634114fc
de94612505273040c33cdd57482e0b01437ab025df598045e07707a61970d157

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/user/secure HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=15, dt_total;dur=16.817, wf-uht;dur=0.030
set-cookie: _glhf=1715339684; expires=Fri, 10-May-2024 07:18:28 GMT; Max-Age=3600; path=/
traceparent: 00-e48a481462467b97cd976922ba71e8ee-0f4df0c5c97b7384-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&sid=1715321909&sct=1&seg=1&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=5853

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&sid=1715321909&sct=1&seg=1&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=5853
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4580v897130004za200&_p=1715321908605&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=822375198.1715321909&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&sid=1715321909&sct=1&seg=1&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_4096c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l62980_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-461430.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=5853 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Fri, 10 May 2024 06:18:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json

178.253.29.51

200 OK

12 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
12 kB (11769 bytes)
Hash
9e5da15e44d6b6bab0cfc7c07ba9495d
4a67254b45112089d0833028de0c9c81acb930a3
0d51ae7eaa1511001f9b8b562a49d1b55d177a655f26035364485f02d5384af9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Sat, 20 Apr 2024 09:17:16 GMT
etag: W/"9e5da15e44d6b6bab0cfc7c07ba9495d"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

172.64.148.184

200 OK

108 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107844 bytes)
Hash
83680ce862de40c43fc92e04b1ad0a3d
67eb6762545f4e1fee446794f4738d0f0577b6b4
e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 813994
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec2b94b4ed-OSL
X-Firefox-Spdy: h2

radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

390 B

URL GET HTTP/1.1
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (401), with no line terminators
Size
390 B (390 bytes)
Hash
41f91def4fb1d0becfdad5450e17dba6
17135e0326da4c71d38c2b07e230fa6ffdf16ba4
2b3a3cd4c97d33ddba33c7ac624b311cd035b41391ae3fab3a6bd5ca6f384a9f

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 06:18:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Fri, 24 May 2024 06:18:29 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

1xlite-461430.top/seo-module-api/api/v1/visual?group_id=285&ref_id=1&url=https:%2F%2F1xlite-461430.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-461430.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=285

178.253.29.51

200 OK

161 B

URL GET HTTP/2
1xlite-461430.top/seo-module-api/api/v1/visual?group_id=285&ref_id=1&url=https:%2F%2F1xlite-461430.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-461430.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=285
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
161 B (161 bytes)
Hash
569d6616dae0bf36926e50e85c21eaec
aa5c24d3aa0e785ef4022df97e22296a7b421454
937ce42aeccb35855373772bfbfb46ddc728c6a763a501b8928d93e27cd94824

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/v1/visual?group_id=285&ref_id=1&url=https:%2F%2F1xlite-461430.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-461430.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
x-geoip2-country-code: ru
sub-request-id: 80721f19be7a4caea919b3fbb5f64b18
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc; _ga_7JGWL9SV66=GS1.1.1715321909.1.1.1715321909.60.0.0; _ga=GA1.1.822375198.1715321909
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
content-length: 161
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en334c423f2bfcb663063bf3f3184251c5
age: 0
x-request-id: 988525631614061465838c64c07c2238
x-request-guid: 988525631614061465838c64c07c2238
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=11.115074157715, wf-uht;dur=0.020
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json

178.253.29.51

200 OK

3.3 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with very long lines (3653), with no line terminators
Size
3.3 kB (3312 bytes)
Hash
8bc0581ca207c024d54d75ca53390160
62d322fceed2d7d960548e0b2216a814f68c3b31
a97dc7805fc7bb366b277032e2f95d95418bdde4db7837a7ba9b3b18c9e33e95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 07 Mar 2024 10:41:59 GMT
etag: W/"becb2e7c22d23ed7b8c378c346c643f1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.334/285/common.svg

185.244.209.62

200 OK

147 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.334/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
147 kB (146981 bytes)
Hash
7bf3e9e7d79beac942f5e7748a3af2e6
7c6896ef647506806f2cdbe998d8c9eb845a1754
663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f

HTTP Headers

GET /sys-icons/1.0.334/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 12:55:56 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713272153.420902787
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:26 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6b669be766694ed0c5aefa6f7f36a02a-25d2e9aef4b15988-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:26+00:00, 2024-05-09T11:04:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

172.64.148.184

200 OK

373 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
373 kB (372954 bytes)
Hash
36e4e2c2a2498b008514f1f0250c8018
cfa53d1c8533fb5941d9ff4f1e45e8c831658693
42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 823835
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec3ba5b4ed-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-animations/game-169-animation.svg

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-animations/game-169-animation.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
4.2 kB (4197 bytes)
Hash
e107d9fb1f38d0b15700497cf3223da1
66d09ecd5e413d1f1fd49f80e1a2d37419027b57
5050d6b6eb38087b261f95553c3f840989f479d1b778bf8652475b1d09d8abdd

HTTP Headers

GET /sfiles/games-images/game-animations/game-169-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Jan 2024 08:41:21 GMT
etag: W/"6b19d39f5180df62c717cfa7d870e7ed"
x-amz-meta-origin-date-iso8601: 2024-01-12T15:52:06.000Z
expires: Fri, 10 May 2024 00:01:03 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1492fc58c2fb4416cdc740a8f43d626c-7293d00ee1fd1122-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-09T00:01:03+00:00, 2024-05-10T00:07:41+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/2.2.15/Desktop/Default/client.css

185.244.209.62

200 OK

1.6 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/2.2.15/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
1.6 MB (1550522 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/2.2.15/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:33:06 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713961853.779710121
content-encoding: gzip
expires: Thu, 09 May 2024 10:51:02 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e48a665830e7dde24366eef469553aa7-b2a73f2b881d06b9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T10:51:02+00:00, 2024-05-09T10:58:14+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

172.64.148.184

200 OK

107 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107186 bytes)
Hash
d0a7ecc59065580118a9ea8880c58962
21573546ac5011592094ef6aea0696ccdeb2164d
e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 823835
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec3babb4ed-OSL
X-Firefox-Spdy: h2

refpaucqkl.top/L?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push&site=1249669&ad=4096&r=registration/

45.135.120.2

303 See Other

674 kB

URL User Request GET HTTP/2
refpaucqkl.top/L?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push&site=1249669&ad=4096&r=registration/
IP
45.135.120.2:443
ASN
#56630 Melbikomas UAB

Certificate
IssuerLet's Encrypt
Subjectrefpaucqkl.top
Fingerprint90:4D:DC:FE:97:13:E2:39:FE:C9:B5:B6:14:1A:E5:9D:74:C5:BC:7B
ValidityMon, 18 Mar 2024 09:17:13 GMT - Sun, 16 Jun 2024 09:17:12 GMT

File type

Size
674 kB (674099 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /L?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push&site=1249669&ad=4096&r=registration/ HTTP/1.1
Host: refpaucqkl.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Fri, 10 May 2024 06:18:25 GMT
cache-control: private
location: https://1xlite-461430.top:443/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
x-aspnetmvc-version: 5.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.003
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json

178.253.29.51

200 OK

249 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with no line terminators
Size
249 B (249 bytes)
Hash
d68ec9c7edcaefee7edfd7342e36d236
094fbce1fd6dd26d7bfeac563201d9f87df197bc
2d88c53c23a864e2464d5a72a1089437617fd164b4f19ee4938e79307e3c701e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0; _glhf=1715339684; ggru=146; sh.session.id=05d6a35c-42b5-4e19-a6e9-48e71e883ffc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/json
content-length: 249
last-modified: Tue, 05 Sep 2023 10:23:36 GMT
etag: "2209ca3135f40bfbb67fd12b887402a9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

1xlite-461430.top/version.json?timestamp=1715321907601

178.253.29.51

200 OK

11 B

URL GET HTTP/2
1xlite-461430.top/version.json?timestamp=1715321907601
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
b5e183e29f10d2c0e84afe94c66794e5
6ed05bb7968c0e6d76c9988d54ca9feb484a16f0
4dd88e5f3a38dfa4a71f871df86fb936135e09555ae04d3ec37dadf59b13ac4f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1715321907601 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1920; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:27 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 09 May 2024 07:16:12 GMT
vary: Accept-Encoding
etag: "663c783c-2c"
content-encoding: gzip
expires: Fri, 10 May 2024 06:19:27 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

172.64.148.184

200 OK

141 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
141 kB (140949 bytes)
Hash
896d1930437c1ab92b8a359c1d6fdaae
71e0e23d1af9722f356eb5d1c497d100ec8b0f7a
8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:18:29 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 11 Mar 2024 06:37:37 GMT
etag: W/"22695-18e2c3b24d9"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 819554
expires: Sat, 10 May 2025 06:18:29 GMT
server: cloudflare
cf-ray: 8817cfec2b93b4ed-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css

185.244.209.62

200 OK

36 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (36387), with no line terminators
Size
36 kB (36387 bytes)
Hash
e6a26e7156450d40bffd62c65dd8a90c
3fa5029748cba881c7be759257525f206cb8e81d
5c473dbebadbf8c838ef80cc2106faa4c96d3822f7d61dd282e2cd11c680eec0

HTTP Headers

GET /genfiles/site-admin/colors/e6a26e7156450d40bffd62c65dd8a90c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 09:12:07 GMT
etag: W/"e6a26e7156450d40bffd62c65dd8a90c"
content-encoding: gzip
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-791e0ecec70787d04e6313ef8b6b3364-29ddd7c106ee9b8b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-08T09:19:03+00:00, 2024-05-10T05:22:57+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1232 bytes)
Hash
a436db0af736498349f0127d8e7fab1e
b07e2c449cf16ddb052ce40d881db13a0c890b9b
93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:26 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-01-11T08:32:05+00:00
traceparent: 00-37ca096d628f8beaad49a65d5f5d80e5-3698d12f138b97aa-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push

178.253.29.51

200 OK

674 kB

URL User Request GET HTTP/2
1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
674 kB (674099 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:25 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=355;desc="Nuxt Server Time", dt_total;dur=398.035, wf-uht;dur=0.418
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Tue, 09 Jul 2024 06:18:25 GMT
reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; Path=/; Expires=Fri, 10 May 2024 07:18:25 GMT
postback_watcher=; Path=/; Expires=Fri, 10 May 2024 06:18:29 GMT
platform_type=desktop; Path=/; Expires=Mon, 13 May 2024 06:18:25 GMT; Secure; SameSite=None; Partitioned
auid=sv0dM2Y9vDGaDwFVAx0IAg==; path=/; secure; httponly; samesite=lax
traceparent: 00-dc1d78091954f99b1da0ff0887f9e2e2-65e889906aa96685-01
vary: Accept-Encoding
x-dt: 285
x-frame-options: SAMEORIGIN
x-time-ng: 0.394
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses

178.253.29.51

200 OK

675 B

URL GET HTTP/2
1xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_[]MS[]null[]reg[]general[]17300_d60291_l62980_push
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (769), with no line terminators
Size
675 B (675 bytes)
Hash
1e6e14eba274fc1ddb4d1fd9798ba788
9a9ea308099bd2de7a9861293324e153b276d91a
c3595ff52dc75767b58ffbf178a083df55e10d8d6dbcf76b24b0a76a5f9d9481

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/registration?tag=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_4096c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l62980_push; postback_watcher=; platform_type=desktop; auid=sv0dM2Y9vDGaDwFVAx0IAg==; window_width=1280; SESSION=31b4bc1ce5ffea3c874d1eedbaca0db5; che_g=5a713abd-1f2e-e36a-0056-466a689408a0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 06:18:28 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=21, dt_total;dur=22.309, wf-uht;dur=0.034
traceparent: 00-c5e36e1b21d322f067052142d92f6951-128c3505d4d4b3f2-01
x-dt: 285
x-time-ng: 0.022
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (57)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML