Report - 1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click

Report Overview

Submitted URL
1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
IP
103.172.117.176
ASN
#8849 Melbikomas UAB
Submitted
2024-04-26 22:40:13
Access
public
Website Title
1xBet registration ᐉ Sign up 1xBet ᐉ 1xlite-1489498.top
Final URL
1xlite-1489498.top/en/registration?type=phone
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
86

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-26	425 B	106 kB	142.250.74.168
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-04-18	7.2 kB	2.4 MB	104.18.39.72
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-04-25	826 B	1.3 kB	45.54.49.5
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-26	4.4 kB	1.7 kB	216.239.32.36
www.google.no	25607	2001-02-26	2016-04-05	2024-04-25	585 B	580 B	142.250.74.163
1xlite-1489498.top	unknown	unknown	No data	No data	65 kB	924 kB	103.172.117.176
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-04-08	23 kB	1.7 MB	185.244.209.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed
2024-04-26	medium	1xlite-1489498.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (55)

	URL	Size	First Seen	Last Seen
	v3.traincdn.com/_nuxt/desktop/default/Page.Registration-cad52a76.js	6.4 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Registration-cad52a76.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 20:11:19 Last Seen2024-04-27 05:04:22 Times Seen16 Hash e8d186fcf93d7f9139a6774ae9b88b8b 041de66e0e547a8fd9c905a254182ca726117427 ee4a580f544a89af3dd3c5416687b8b8a9b875676c6f03479234ec2c06f5be22 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js	27 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:33:59 Times Seen24 Hash e90b6bb3b92453e083ec5e739e5132b1 7cc4456a8091dd5e8dce5ac477abaf66d05742bf 088a280dd983eac2f46c008fd39b0ba0cebe84b7f2301d55ea588163c4d65800 Loading...

	v3.traincdn.com/_nuxt/desktop/default/registration.Main-8d6d8844.js	85 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/registration.Main-8d6d8844.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 20:11:19 Last Seen2024-04-27 05:04:23 Times Seen16 Hash 29bc97801044b4707c0f7427c81dffcc 07b48f7cc45fee2c1caac1bd575e16113cb4a779 c6b5b31549586b8581a44ab95bdcdab8e783843870544bfaf65299a357d82aa2 Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-07 21:45:12 Times Seen90 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	widget.suphelper.top/_next/static/724286ac/_buildManifest.js	519 B	2024-04-25	2024-05-07
Pretty URL widget.suphelper.top/_next/static/724286ac/_buildManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-07 21:45:12 Times Seen54 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	widget.suphelper.top/_next/static/724286ac/_ssgManifest.js	77 B	2023-03-07	2024-05-07
Pretty URL widget.suphelper.top/_next/static/724286ac/_ssgManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-07 22:05:11 Times Seen85979 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-fc6385cb.js	2.4 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-fc6385cb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:26:49 Last Seen2024-04-27 09:33:59 Times Seen22 Hash 982af934c8a3a7d2eb768383e2a0b2ac 13ca56f51e82e56c736339404f8b94aae6df1113 e63e483f2aaf1b76c5c464e5a62819a21237917fa1a6eb53d85dee5ee2681d19 Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js	3.2 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:35 Last Seen2024-04-27 09:34:00 Times Seen24 Hash fa6020f2d4e598b5afa5bb72e0c4d2aa 52c7fb50959707c999f0a3b1a192cd3884319fd1 28a7cee0e15f4c6f9262e16dc900063fcc30017410241306903c852861bb2852 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js	956 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:35 Last Seen2024-04-27 09:33:59 Times Seen23 Hash 1c1deca627849071e9e8c38038325677 a829a0057b98d340e106da7dc18b600a936a3709 ddcc9e115145c1d52554320320493606a22edca9d102b2b79a6cd880d2fcad19 Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-07
Pretty URL widget.suphelper.top/ IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-07 21:45:12 Times Seen2027 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js	199 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:34 Last Seen2024-04-27 09:34:02 Times Seen20 Hash 3cad391b1ba090af586203843e8c321d aa49ded6cec16b05de850449016d4161be93b686 140b667c3dc687dc7f10b8f95b4c28f9c4fa7f4c5603479c2e3f6a6d656e9786 Loading...

	unknown	34 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 21:45:12 Times Seen860 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration	522 B	2024-04-26	2024-04-27
Pretty URL 1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration IP 103.172.117.176 ASN #8849 Melbikomas UAB Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 20:11:19 Last Seen2024-04-27 05:04:21 Times Seen8 Hash ffd9ea1b18ea7e7456a6a9442743dd15 cf8d683bef7725843464b85fa1f31faf40cba14d b5764659fdced2a92f0867511f3d9007295c09c650087eae4c6a538f8873fba6 Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-07
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-07 21:45:13 Times Seen104 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js	852 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:35 Last Seen2024-04-27 09:33:59 Times Seen24 Hash 9cf24c6aa2ad7694e090bb298642dda9 7d6507c0d33e02190dfcfd38f57116e23d74b198 346e88a80035e7b808fc68bcc8174388397fe93230af5c4430cb55e28a249351 Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js	7.0 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:33:59 Times Seen24 Hash 74ce5bf016ae117858ebfe89a35175b8 e36d4ea0bf93ec9fe1747914a42e33ff9a100450 7b642a28afa3285ed36766a4b5698308805b13ff808c881ef9a974c3de5ae3c0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js	2.3 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:34 Last Seen2024-04-27 09:33:56 Times Seen22 Hash 5cf1b6cfa7bec127f69186daac9aa30e 8e37a161db7eb37f8fa8e9bee4e1ea818316ee80 37d4c09fbd6f6dcdd9c3e6de2b454865841af4d6f0c918c2091fdcc9af9df2a7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js	32 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:29:50 Last Seen2024-04-27 09:34:00 Times Seen16 Hash c3e01e6e097f5a585124308c10012158 287b213e764ccf6e8ced681e607e13c9361012e3 d47aa2eb2bd5e89961eec64f44c0777d0104dfc7ff5e7740a86bb92d763177b3 Loading...

	unknown	47 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 21:45:13 Times Seen847 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration	924 B	2024-02-25	2024-05-07
Pretty URL 1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration IP 103.172.117.176 ASN #8849 Melbikomas UAB Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-07 21:45:12 Times Seen64 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js	92 B	2023-03-07	2024-05-07
Pretty URL widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-07 21:45:12 Times Seen7802 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	unknown	47 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 21:45:12 Times Seen849 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration	619 kB	2024-04-27	2024-04-27
Pretty URL 1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration IP 103.172.117.176 ASN #8849 Melbikomas UAB Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 00:40:22 Last Seen2024-04-27 00:40:22 Times Seen1 Hash 246a7c25da3ea8c72830a29430cac63e 87a5438ae194dc4f2110b021f3172ff8f6aeb724 99c0f84cd0db7bd8968a658c900a17224935af3a8414edd9f194a183e65ef665 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js	26 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:29:52 Last Seen2024-04-27 09:34:00 Times Seen20 Hash 5bbaaf26c18bce582629f29ccd1101ec 58e6d8affeeb2fa928aa6fccda50beb4ca37df23 9c8ade7d97673087e40ecba27e40a54ac42b903e1cd8ff3cdb6ad661669bf679 Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js	6.4 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:34 Last Seen2024-04-27 09:34:02 Times Seen21 Hash 7c3b6253af0f87ab95db1b7ecb5e071c 4316078471b261fbd6b751a6b9fe613389451dca 15923078094e7c2a29dc16315acfaeed3111e1202f23accb243c9249c03e2095 Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-07
Pretty URL widget.suphelper.top/injector.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-07 21:45:12 Times Seen937 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-07 21:45:12 Times Seen3079 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js	32 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:29:51 Last Seen2024-04-27 09:33:59 Times Seen19 Hash d3c3aac94c051ee7f8636cc09def5569 ec6b0f76c91ec8c1e859b5097fcb16880bab8ffd 362c43512ff662fd00faf50dd372769b9bf49d5884d302a6874dd1f4c6446b2b Loading...

	www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4	320 kB	2024-04-27	2024-04-27
Pretty URL www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 00:40:22 Last Seen2024-04-27 00:40:23 Times Seen2 Hash 9a150b01985478c4017adaed648aea50 2979462d0d261f9f0b96196665c9432b532dbcd6 e77bbbd5f4d5517e56449d05f7e5f67a9624f7000f629b944abd88f7eff83e83 Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-07 21:45:12 Times Seen1978 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-07 21:45:12 Times Seen2374 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js	1.0 MB	2024-04-25	2024-05-02
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:13 Last Seen2024-05-02 04:19:28 Times Seen40 Hash 0a8ec60f8885a9417bae7ec2a3981f82 ef0fa91cda49946611fe1cd09819cfdaf8a1c6f5 15d73072cdad0ee70bdc75731a1c2d81326b0b1391b668cd36c639a321105259 Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-07 21:45:12 Times Seen450 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js	12 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:33:59 Times Seen24 Hash 1cc1975036d7d613432986b419c4f933 197f793c823c493643fa3a63441a8dac2e86a7d0 abb7c137964088db8dc1ba6fc12c6a15a4a1f6dadf88c9c595fe4b273bca3359 Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-07 21:45:13 Times Seen451 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js	40 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:29:51 Last Seen2024-04-27 09:34:03 Times Seen20 Hash 09f719ce338786eee766f484042e3ac0 205337e84727f25d00b53890d39012386860c183 aea7bb8d8fae31b8018b3d76ac917f939f9b2a8bb6928bbe7bb74f196ec1ea73 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js	58 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 20:11:19 Last Seen2024-04-27 05:04:23 Times Seen16 Hash da45ffcd75ec93718dad20c271f04c18 ea32caab89822fd96185753cf3ee8ed75824e472 39b9027ae0581c1139f4fe2494d692ae833948f8534a3e3b6091408167d76799 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js	56 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:33 Last Seen2024-04-27 09:34:00 Times Seen24 Hash a53e75793287bf430c7d81e62a86551c 43ecdd497e27c96d3c886a1ccf72dca7a9f2646b 7692da0b4d0d3168af9ce3f8d1eda4fc5ad04676e7ef7949eeb46d7be78cbeca Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-07 21:45:12 Times Seen2375 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-07
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-07 21:45:13 Times Seen889 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	unknown	39 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 21:45:12 Times Seen852 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js	17 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:34:03 Times Seen24 Hash 1c5f0f2576f85aa05256ef8412e1a80e e3fe4363d03125724ee18ca063552d21b11c791f aced4150b67a0055a6baca50f790709de03a987b56a894479db35c63dff31455 Loading...

	1xlite-1489498.top/polyfills.js	0 B	2023-03-07	2024-05-07
Pretty URL 1xlite-1489498.top/polyfills.js IP 103.172.117.176 ASN #8849 Melbikomas UAB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 22:06:25 Times Seen37419575 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	96 B	2023-12-06	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-07 21:45:12 Times Seen889 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-07 21:45:12 Times Seen87 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	unknown	44 B	2023-04-14	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-07 21:45:12 Times Seen849 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js	138 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:35 Last Seen2024-04-27 09:33:59 Times Seen24 Hash 5d3e2c224a2000fa0a1e1ec69e0153af a321b90afc0e3d4004f955d717254c252835f7c7 a86722ab8e12c2dbd3e0afae629f6cfad507a201859e2116cb46b49bd9d082c5 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js	77 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:36 Last Seen2024-04-27 09:33:59 Times Seen24 Hash caca89be1e6a1f2ff94c549dbdebb194 dc5f22176416438215b9fc2813dfcebc02387d43 5e392322dfabbe74a8ce7b566207e2c0d5f25416f3de462fdb9dd3c2ed430f7f Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-07
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-07 21:45:12 Times Seen455 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js	8.0 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:20:34 Last Seen2024-04-27 09:33:59 Times Seen23 Hash 43df36730b19be5019e384c97ef33f00 29d1e370bad7a78660e26181f5e2671271e1d07d 9c6d3000958d016aba495fc2abb171ada373015a909c3ad2913e189717e0ba43 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js	19 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 20:11:20 Last Seen2024-04-27 05:04:23 Times Seen16 Hash 40f4cf9e701933692780a2ef6970211b d55424c6ca76f072de2a3bcae7c396335a8b496d 453d184c31e22b5501cb6dc50967fb92ec5b92799db47eb36bd35c89aaf8ebf2 Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-07
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-07 21:45:15 Times Seen143 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration	9.8 kB	2024-04-27	2024-04-27
Pretty URL 1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration IP 103.172.117.176 ASN #8849 Melbikomas UAB Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 00:40:22 Last Seen2024-04-27 00:40:22 Times Seen1 Hash 670280ff686c5f9748ca4f5bc29755c0 8006b861fe2293f389306e64164bac687c1c0094 15f2e198da978680b525e607dedc0fc14a5970b68514b6d1d0a1ae503866b288 Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-18ca9614.js	47 kB	2024-04-26	2024-04-27
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-18ca9614.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:26:50 Last Seen2024-04-27 09:33:59 Times Seen22 Hash a4a80cc0c5d67fd21f379ece59b412cb 9354acc41f3717f7fc1a79285bd5e0d386826aed d7dc624597a05dea92a2c61c83bb375c1ef4cbf2c97a62dfeaed277557c0024b Loading...

		Size	First Seen	Last Seen
	#1 Eval - db740c8df80824071c65e884c797e672	31 kB	2024-04-27	2024-04-27
Pretty Observations First Seen2024-04-27 00:40:23 Last Seen2024-04-27 00:40:23 Times Seen1 Hash db740c8df80824071c65e884c797e672 bcfc90858d910bd1ad91c8df1d78bc3c9d53a335 c5415e681a4acd4937b0161b85eea0b2ddd788e997565c3918413afdf64b3cc5 Loading...

HTTP Transactions (117)

URL IP Response Size

1xlite-1489498.top/

103.172.117.176

162 B

URL
1xlite-1489498.top/
IP
103.172.117.176:0
ASN
#8849 Melbikomas UAB

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 26 Apr 2024 22:39:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://1xlite-1489498.top/

v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css

185.244.209.62

200 OK

591 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2490), with no line terminators
Size
591 B (591 bytes)
Hash
7375a1956830f97b2481314bf1f0e199
7c30df38c6465e78813dc2aea95eb086bb832630
2acc171311243f36d7410ebd2b41ac7d7c7899c861153198217e7e91d3d9e4cf

HTTP Headers

GET /_nuxt/desktop/default/css/6ee8a9e4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: text/css
content-length: 591
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-24f"
content-encoding: gzip
expires: Sat, 27 Apr 2024 09:39:10 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-45e01fc7e22e908d00127808493fdee7-3a35897368f2e99d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T09:39:10+00:00, 2024-04-26T21:15:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Registration-cad52a76.js

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Registration-cad52a76.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6350), with no line terminators
Size
2.2 kB (2235 bytes)
Hash
e8d186fcf93d7f9139a6774ae9b88b8b
041de66e0e547a8fd9c905a254182ca726117427
ee4a580f544a89af3dd3c5416687b8b8a9b875676c6f03479234ec2c06f5be22

HTTP Headers

GET /_nuxt/desktop/default/Page.Registration-cad52a76.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 2235
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-8bb"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-94f513b26e0bbdf7d4f8c26083c507e4-e0c3346f222c8716-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:43+00:00, 2024-04-26T11:49:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3225 bytes)
Hash
3cc47f5bfd7fb2ef96257df775a1b810
bbb36b671dd4a1f6e24cce1a48368724994b3913
18aeb0ed76dd6ce1471582770244ed6c55b69fef2e84ffabdabdbf7f32600326

HTTP Headers

GET /_nuxt/desktop/default/css/6c310293.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: text/css
content-length: 3225
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-c99"
content-encoding: gzip
expires: Sat, 27 Apr 2024 12:26:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-46fe026dc548f0f93265d45bdfc7fd98-8844eaa1c358270c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:26:53+00:00, 2024-04-26T12:59:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e1909979.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e1909979.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13841 bytes)
Hash
f65aa8635d82cc4a256125e09f321e9d
1c3b94de4d52fd6f79cdfbe958b66d925863c699
4ad29cf926bd2e32368e66247d53627d4ec761a5707d99ad38622fb571794ffa

HTTP Headers

GET /_nuxt/desktop/default/css/e1909979.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: text/css
content-length: 13841
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-3611"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b93707e2a7b5081591c55adcbe60957f-7d08d420b9d584a9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js

185.244.209.62

200 OK

225 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
225 kB (224656 bytes)
Hash
9cf24c6aa2ad7694e090bb298642dda9
7d6507c0d33e02190dfcfd38f57116e23d74b198
346e88a80035e7b808fc68bcc8174388397fe93230af5c4430cb55e28a249351

HTTP Headers

GET /_nuxt/desktop/default/app-3803e6f7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 224656
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-36d90"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ee6cec618993d5446f808e22c517ddea-9444a2c7a9c30c4d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js

185.244.209.62

200 OK

268 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
268 kB (267774 bytes)
Hash
1c1deca627849071e9e8c38038325677
a829a0057b98d340e106da7dc18b600a936a3709
ddcc9e115145c1d52554320320493606a22edca9d102b2b79a6cd880d2fcad19

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-fb158860.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 267774
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-415fe"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-57b4ad6403623991b9ada69d94802574-46ad3489097c4512-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8037), with no line terminators
Size
2.3 kB (2264 bytes)
Hash
43df36730b19be5019e384c97ef33f00
29d1e370bad7a78660e26181f5e2671271e1d07d
9c6d3000958d016aba495fc2abb171ada373015a909c3ad2913e189717e0ba43

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 2264
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-8d8"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-19917511d9b7706c39937a804825d8e7-5d1671897480527d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
2677fe1699935f36e2dec0b920ae6775
6aacbcc989d759c182718547b77eda21b665dd57
df24622b277b22705c70d9e48bb2dc40c5dcd69e570d2ab55e694d02a0161094

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: application/json
content-length: 44
last-modified: Fri, 26 Apr 2024 12:33:00 GMT
etag: "662b9efc-2c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 13:00:31 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-958015ab45a2f6fad490c3b59019e8e8-2e3b75b411ab6ac8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:00:10+00:00, 2024-04-26T22:38:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-18ca9614.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-18ca9614.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47028), with no line terminators
Size
15 kB (14696 bytes)
Hash
a4a80cc0c5d67fd21f379ece59b412cb
9354acc41f3717f7fc1a79285bd5e0d386826aed
d7dc624597a05dea92a2c61c83bb375c1ef4cbf2c97a62dfeaed277557c0024b

HTTP Headers

GET /_nuxt/desktop/default/runtime-18ca9614.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 14696
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-3968"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9a18d2056b9eaf0f7f05542a697be0d9-a926d0e7de139df1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:18+00:00, 2024-04-26T13:25:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46791 bytes)
Hash
5d3e2c224a2000fa0a1e1ec69e0153af
a321b90afc0e3d4004f955d717254c252835f7c7
a86722ab8e12c2dbd3e0afae629f6cfad507a201859e2116cb46b49bd9d082c5

HTTP Headers

GET /_nuxt/desktop/default/commons/app-f433f4e5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 46791
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-b6c7"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-155b4d5c07019bb1beadf71eb558e770-f28fae129f1701bd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9958), with no line terminators
Size
2.3 kB (2277 bytes)
Hash
76a1e3dd8e25bf9a48bdd896de779d20
38c3643e25808d1f3ab167273201eac8c113c088
aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273

HTTP Headers

GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: text/css
content-length: 2277
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-8e5"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0a87473fe5296446bf3e1ff7fd9610d6-b023a9f1c4c4e726-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:36+00:00, 2024-04-26T11:28:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c246992cdd2ed69ab7b4f11d2fece06e-74b34bdccc4e1972-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-26T21:43:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f313d3f033aee26b1e9528325bceef50-32021eec13b6a5c9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-26T22:21:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css

185.244.209.62

200 OK

242 kB

URL GET HTTP/2
v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
242 kB (241796 bytes)
Hash
16de1f1b4057d8b564a0e9bbdd65be8d
ac92cc1e7457af0e2da459267d8cdceed1db4879
d00d8e713ed1548fadd6068150d9b9f3efec2dadaf52ad18b4d20a4ef0bd259b

HTTP Headers

GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fee8e5b510ffcb9a23347866c601a12e-aaf8bf9c19d84744-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-04-26T14:33:23+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-1489498.top/polyfills.js

103.172.117.176

200 OK

0 B

URL GET HTTP/2
1xlite-1489498.top/polyfills.js
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:14 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.023
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.368
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

200 OK

187 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Thu, 25 Apr 2024 10:36:21 GMT
etag: "662a3225-bb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:52:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-00aeabe294fadd32fd267fe00cc1a957-89af15970b34a702-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:52:19+00:00, 2024-04-26T11:36:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:46 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7c1e16c3763c46c43453b68b30b9d379-497accffeda68073-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-04-26T22:14:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21881 bytes)
Hash
caca89be1e6a1f2ff94c549dbdebb194
dc5f22176416438215b9fc2813dfcebc02387d43
5e392322dfabbe74a8ce7b566207e2c0d5f25416f3de462fdb9dd3c2ed430f7f

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 21881
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-5579"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0322864b046ed68b8bd394793db7033d-e1043c3338070537-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js

185.244.209.62

200 OK

4.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
1cc1975036d7d613432986b419c4f933
197f793c823c493643fa3a63441a8dac2e86a7d0
abb7c137964088db8dc1ba6fc12c6a15a4a1f6dadf88c9c595fe4b273bca3359

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-11cc"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-730d83f58fb796d8b1adcd8d3c220bdc-942fc84f92785d63-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

200 OK

953 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:46 GMT
content-type: text/css
content-length: 953
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-3b9"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:04:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5b6b17683be040df9c7e2ff31746e4b7-7e5b6c00f376e06e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:04:52+00:00, 2024-04-26T14:52:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js

185.244.209.62

200 OK

8.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8055 bytes)
Hash
e90b6bb3b92453e083ec5e739e5132b1
7cc4456a8091dd5e8dce5ac477abaf66d05742bf
088a280dd983eac2f46c008fd39b0ba0cebe84b7f2301d55ea588163c4d65800

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-1f77"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dc6f6d5386af3192533a7633396aeeab-024abb7a47ac0a95-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2120 bytes)
Hash
74ce5bf016ae117858ebfe89a35175b8
e36d4ea0bf93ec9fe1747914a42e33ff9a100450
7b642a28afa3285ed36766a4b5698308805b13ff808c881ef9a974c3de5ae3c0

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 2120
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-848"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c339cb9c11d591698a1c0b1ae333ee82-1b8d43e6e1a71c99-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:40+00:00, 2024-04-26T11:30:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js

185.244.209.62

200 OK

999 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Size
999 B (999 bytes)
Hash
5cf1b6cfa7bec127f69186daac9aa30e
8e37a161db7eb37f8fa8e9bee4e1ea818316ee80
37d4c09fbd6f6dcdd9c3e6de2b454865841af4d6f0c918c2091fdcc9af9df2a7

HTTP Headers

GET /_nuxt/desktop/default/DC-d1fb2018.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-3e7"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-68bd9bb8d895409e39acfc26b0cbfdad-070fd959294fdf57-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-1489498.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-1489498.top&projectId=1014

103.172.117.176

200 OK

43 B

URL GET HTTP/2
1xlite-1489498.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-1489498.top&projectId=1014
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
43 B (43 bytes)
Hash
c809138c09727a461b3438eb080f8445
2b43a325cd3d2b7a1d91967f30bb52c4e136822b
47d34e128cb5a1e2edb0f30e9a15ec1c79a82bc64c512b53702ddf6a5a33f74c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-1489498.top&projectId=1014 HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:15 GMT
content-type: application/json
content-length: 43
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enb066c3de982d01779fd50476f73b1ab6
age: 61
x-request-id: fb8ea55f289fa80a53816be21d3063e2
x-request-guid: fb8ea55f289fa80a53816be21d3063e2
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.3771057128906, wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-fc6385cb.js

185.244.209.62

200 OK

1.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-fc6385cb.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2438), with no line terminators
Size
1.6 kB (1585 bytes)
Hash
982af934c8a3a7d2eb768383e2a0b2ac
13ca56f51e82e56c736339404f8b94aae6df1113
e63e483f2aaf1b76c5c464e5a62819a21237917fa1a6eb53d85dee5ee2681d19

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-fc6385cb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 1585
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-631"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:21 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4e7293742142f6a72e4e334c944e8ddd-357ebc2be8553050-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:21+00:00, 2024-04-26T13:25:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
1.5 kB (1450 bytes)
Hash
fa6020f2d4e598b5afa5bb72e0c4d2aa
52c7fb50959707c999f0a3b1a192cd3884319fd1
28a7cee0e15f4c6f9262e16dc900063fcc30017410241306903c852861bb2852

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 1450
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-5aa"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-aa08ca75efb2ab3cf511f7999474a25b-33ef1376b72051a0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cc032946dfa6e080c64efbebbbbd767e-ee8f2e60fa2811cb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-03T07:12:40+00:00, 2024-04-26T22:39:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-1489498.top/version.json?timestamp=1714171186873

103.172.117.176

200 OK

44 B

URL GET HTTP/2
1xlite-1489498.top/version.json?timestamp=1714171186873
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
2677fe1699935f36e2dec0b920ae6775
6aacbcc989d759c182718547b77eda21b665dd57
df24622b277b22705c70d9e48bb2dc40c5dcd69e570d2ab55e694d02a0161094

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1714171186873 HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:15 GMT
content-type: application/json
content-length: 44
last-modified: Fri, 26 Apr 2024 12:33:00 GMT
vary: Accept-Encoding
etag: "662b9efc-2c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 22:40:47 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.345
X-Firefox-Spdy: h2

1xlite-1489498.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

103.172.117.176

200 OK

23 B

URL POST HTTP/2
1xlite-1489498.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
436defc2b7ec27c6872ef6ae6ae973eb
aea5ab8036335461e1c1dfeff284a141a6ff7000
c023e2cd3c57e73f7bd2bccf0a0f442a06ce86d281666735f3a73cf6bd5b045d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Content-Type: application/json
X-Lang: en
X-Uuid: ca0c6f94-87b2-4550-988e-307aee7c4aa7
Content-Length: 81
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:15 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.353
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js

185.244.209.62

200 OK

6.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (18819), with no line terminators
Size
6.1 kB (6136 bytes)
Hash
40f4cf9e701933692780a2ef6970211b
d55424c6ca76f072de2a3bcae7c396335a8b496d
453d184c31e22b5501cb6dc50967fb92ec5b92799db47eb36bd35c89aaf8ebf2

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-683c6f08.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 6136
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-17f8"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-764518f2d423911cf79e2d00096531c3-bacd3cf4cd93ca05-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:33+00:00, 2024-04-26T14:00:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

200 OK

97 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
97 B (97 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: text/css
content-length: 97
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-61"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:45:24 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-98aa093b0c6e02ec7411e8e8f7e573ea-7cd9e77c30fb1c45-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:45:24+00:00, 2024-04-26T12:06:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js

185.244.209.62

200 OK

8.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
8.5 kB (8518 bytes)
Hash
5bbaaf26c18bce582629f29ccd1101ec
58e6d8affeeb2fa928aa6fccda50beb4ca37df23
9c8ade7d97673087e40ecba27e40a54ac42b903e1cd8ff3cdb6ad661669bf679

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-3205e593.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 8518
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-2146"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-473c1798205ff326727f0724420251d8-5e6bdb511d24aee4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:34:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js

185.244.209.62

200 OK

9.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31683), with no line terminators
Size
9.2 kB (9208 bytes)
Hash
d3c3aac94c051ee7f8636cc09def5569
ec6b0f76c91ec8c1e859b5097fcb16880bab8ffd
362c43512ff662fd00faf50dd372769b9bf49d5884d302a6874dd1f4c6446b2b

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-ee98945f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 9208
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-23f8"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-facd9a7f9c6a0a4f2381810c3bed7bf9-9d50c1289f347299-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:18+00:00, 2024-04-26T13:25:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f30c51d3.css

185.244.209.62

200 OK

2.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/f30c51d3.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (17332), with no line terminators
Size
2.8 kB (2768 bytes)
Hash
8985eda76c9f1cd453bcd4d31f0a7c9f
97e0e4dfcff82550adbe8e5540b540ee7da43ef0
73c0eafd657a3ec8b6a5c121e5546beb3abad442a7a184c919d9880320cfa970

HTTP Headers

GET /_nuxt/desktop/default/css/f30c51d3.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: text/css
content-length: 2768
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-ad0"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f816c5deaa77bb6b800b9135d0634bf2-cca8c51607aab708-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:43+00:00, 2024-04-26T12:07:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (58193), with no line terminators
Size
14 kB (14306 bytes)
Hash
da45ffcd75ec93718dad20c271f04c18
ea32caab89822fd96185753cf3ee8ed75824e472
39b9027ae0581c1139f4fe2494d692ae833948f8534a3e3b6091408167d76799

HTTP Headers

GET /_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-f64daa17.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 14306
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-37e2"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e422139393b7a915ef518c8b41cc5733-5d8f7f3ee173c24e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:33+00:00, 2024-04-26T14:12:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/92a501bf.css

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/92a501bf.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (11783), with no line terminators
Size
2.4 kB (2379 bytes)
Hash
6c49be4e90aaa352a7a35dc9f0aa9eff
1c74d93488d6a8f1745e6f95e8193a62c05ed740
7a565737116b21c0932994654fd8916144c0926c2bab60f42d36f294af61a32e

HTTP Headers

GET /_nuxt/desktop/default/css/92a501bf.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: text/css
content-length: 2379
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-94b"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b362ce94649741cdcf03fbfeda27adfc-b6d7d733c91819dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:43+00:00, 2024-04-26T12:07:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/registration.Main-8d6d8844.js

185.244.209.62

200 OK

23 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/registration.Main-8d6d8844.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (23058 bytes)
Hash
29bc97801044b4707c0f7427c81dffcc
07b48f7cc45fee2c1caac1bd575e16113cb4a779
c6b5b31549586b8581a44ab95bdcdab8e783843870544bfaf65299a357d82aa2

HTTP Headers

GET /_nuxt/desktop/default/registration.Main-8d6d8844.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 23058
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-5a12"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2e3c98b0189bfa985cff7846ed304893-846323b556b604e9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:33+00:00, 2024-04-26T14:12:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

200 OK

459 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: text/css
content-length: 459
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1cb"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:05:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-69df37896c72ae923581a514297cba21-340d44556753a344-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:05:16+00:00, 2024-04-26T15:00:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16830 bytes)
Hash
a53e75793287bf430c7d81e62a86551c
43ecdd497e27c96d3c886a1ccf72dca7a9f2646b
7692da0b4d0d3168af9ce3f8d1eda4fc5ad04676e7ef7949eeb46d7be78cbeca

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-d462d3ce.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 16830
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-41be"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2d0497eeec6453c09821927e7e0110e5-0080c32f861c98aa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:28:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7000), with no line terminators
Size
1.5 kB (1486 bytes)
Hash
f379bc6f4b94f34d96f6fe51159bee63
f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60
b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: text/css
content-length: 1486
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-5ce"
content-encoding: gzip
expires: Sat, 27 Apr 2024 14:33:21 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-85976490ecaada9ec381244db5d9e3ff-83f69b371b61f914-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T14:33:21+00:00, 2024-04-26T16:13:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4729 bytes)
Hash
1c5f0f2576f85aa05256ef8412e1a80e
e3fe4363d03125724ee18ca063552d21b11c791f
aced4150b67a0055a6baca50f790709de03a987b56a894479db35c63dff31455

HTTP Headers

GET /_nuxt/desktop/default/betting.media-fd9299c8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 4729
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-1279"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2309a688279614b4a65fb43abae88d40-410d0e064b461fd9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:28:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
7c3b6253af0f87ab95db1b7ecb5e071c
4316078471b261fbd6b751a6b9fe613389451dca
15923078094e7c2a29dc16315acfaeed3111e1202f23accb243c9249c03e2095

HTTP Headers

GET /_nuxt/desktop/default/analytics-1d085c09.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-982"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-400e078b27002eee86a094651f6fcbb7-a7e967ed91445516-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:44+00:00, 2024-04-26T11:28:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4

142.250.74.168

200 OK

106 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
106 kB (105564 bytes)
Hash
9a150b01985478c4017adaed648aea50
2979462d0d261f9f0b96196665c9432b532dbcd6
e77bbbd5f4d5517e56449d05f7e5f67a9624f7000f629b944abd88f7eff83e83

HTTP Headers

GET /gtag/js?id=G-5671CMJ6T4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 22:39:48 GMT
expires: Fri, 26 Apr 2024 22:39:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105564
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-1489498.top/session-api/sessions/user

103.172.117.176

200 OK

16 B

URL GET HTTP/2
1xlite-1489498.top/session-api/sessions/user
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:16 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.244068145752, wf-uht;dur=0.360
X-Firefox-Spdy: h2

1xlite-1489498.top/bff-api/event-logo/v2/suitable.json?lang=en

103.172.117.176

200 OK

2 B

URL GET HTTP/2
1xlite-1489498.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:16 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=16.34, dt_total;dur=17.239, wf-uht;dur=0.369
traceparent: 00-4cc6209afa7e61834340715e870d1b48-4afcd88f9bbe6447-01
x-dt: 1014
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-1489498.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=1014&lng=en&fCountry=137

103.172.117.176

200 OK

155 B

URL GET HTTP/2
1xlite-1489498.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=1014&lng=en&fCountry=137
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
155 B (155 bytes)
Hash
d9c4e764d0719887a701a2fd57d2ed20
dd9132eb122454d6202e18dc89cf3f813bd28eea
bfb3eb33d14d3606f7ef2f2ebf7194a6eba1837022e2cce1a5adaebff4226d10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=1014&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:16 GMT
content-type: application/json; charset=utf-8
content-length: 155
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.376
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

104.18.39.72

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"7500-18f123218ff"
cf-cache-status: HIT
age: 2343
expires: Sat, 27 Apr 2024 02:39:48 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa122a1da0b521-OSL
X-Firefox-Spdy: h2

1xlite-1489498.top/web-api/api/v3/bonuses/first-deposit

103.172.117.176

200 OK

380 B

URL GET HTTP/2
1xlite-1489498.top/web-api/api/v3/bonuses/first-deposit
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
380 B (380 bytes)
Hash
64badff8139de6a3f0c41593fdbe1763
2bc355b44b2ba25e38279881537d8630e8450770
ed14bd501caa865bb152bbb4d0df247714fbaf5c1b622036a8118044dafaa152

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:16 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=44, dt_total;dur=46.644, wf-uht;dur=0.400
traceparent: 00-42d79b46e9f6bc2a33e9db3fb4f23e0d-4559ee3bad4e5577-01
vary: Accept-Encoding
x-dt: 1014
x-time-ng: 0.047
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

104.18.39.72

200 OK

9.8 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
9.8 kB (9775 bytes)
Hash
a246fca424f22ccc9dcd93dcfa4c30b5
b7a1703cdcc41cbf3955839273f4238e0bad62c4
ebecf4fafc2a5f451b7b0c05d337f08602943f47bb21775f225abb5ab7376427

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"8f42-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13543930
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12296d19b521-OSL
X-Firefox-Spdy: h2

1xlite-1489498.top/checker/redirect/stat/run/

103.172.117.176

200 OK

46 B

URL GET HTTP/2
1xlite-1489498.top/checker/redirect/stat/run/
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
46 B (46 bytes)
Hash
741934b89418d344f6b45d01fe7ddae7
2875d1bff3ba4850c36d335664cb596c17eb6fcf
488059f86ea7968767b02087d83b3e500aa5b3686e6b2522d967ff80eb6c6af9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1920; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:15 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-time-ng: 0.001
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.352
X-Firefox-Spdy: h2

radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

271 B

URL GET HTTP/1.1
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
271 B (271 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 22:39:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Fri, 10 May 2024 22:39:49 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/9e477dd484efe886c80eeb62f0556b1d.json

103.172.117.176

200 OK

543 B

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/9e477dd484efe886c80eeb62f0556b1d.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
543 B (543 bytes)
Hash
2f999350fc2eea344d910e8a01de406d
bcfeaa8fadc7ca87115d7e36c955bd0df504b8ad
c73c55fa3a522662241013a108e6043dd4cde3fbfa2be0ed4a4940582e26ed36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/9e477dd484efe886c80eeb62f0556b1d.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
content-length: 543
last-modified: Thu, 29 Feb 2024 14:18:24 GMT
etag: "2f999350fc2eea344d910e8a01de406d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/c78e89426b7272fe3cdc7279db30e772.json

103.172.117.176

200 OK

822 B

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/c78e89426b7272fe3cdc7279db30e772.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
822 B (822 bytes)
Hash
be781196159e458a9a157a93f6981363
54b5bb6ddb54aefb6dc1eeeab89afdf48079e959
71bf1763541ee0d4298863f03c291b09029668d448e8077518717b8810ac910f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/c78e89426b7272fe3cdc7279db30e772.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
content-length: 822
last-modified: Mon, 08 Apr 2024 09:19:19 GMT
etag: "be781196159e458a9a157a93f6981363"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/219d74925ec6dfefb5ffe2ad29b81d95.json

103.172.117.176

200 OK

499 B

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/219d74925ec6dfefb5ffe2ad29b81d95.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
499 B (499 bytes)
Hash
e3d17d66f9e675ca9273e04470203275
e676da597ad577652921e9af98e79b986ec158ae
5c26acb3823aedc062268da24385061135d42171888bb5f5a0a8f63ba09c67d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/219d74925ec6dfefb5ffe2ad29b81d95.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
content-length: 499
last-modified: Thu, 12 Oct 2023 09:49:45 GMT
etag: "e3d17d66f9e675ca9273e04470203275"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/3c53eb99a87acc2d8bfd3341cbf28f21.json

103.172.117.176

200 OK

182 B

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/3c53eb99a87acc2d8bfd3341cbf28f21.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
182 B (182 bytes)
Hash
e4c69ca8e3916987138c95a26642f53a
411149ef1233c191122618916dc7fa4965a30f7c
9bbbe99b83a20d3d0bd65ab0b343de560c6d437a74a4835786bbd6a58bb0e08e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/3c53eb99a87acc2d8bfd3341cbf28f21.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
content-length: 182
last-modified: Thu, 12 Oct 2023 09:49:43 GMT
etag: "e4c69ca8e3916987138c95a26642f53a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/f65e589f19d4dcb59cbf4f8ae18d4333.json

103.172.117.176

200 OK

958 B

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/f65e589f19d4dcb59cbf4f8ae18d4333.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
958 B (958 bytes)
Hash
24ec1c171afe6836881e2fba1ed559a0
588a08d22de446d484f8f51402994f37ff2527c2
a0c14f5476683e6eb7381c1820c0e914c02911ab9d24170e61548e661017f96f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/f65e589f19d4dcb59cbf4f8ae18d4333.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
content-length: 958
last-modified: Thu, 12 Oct 2023 09:49:44 GMT
etag: "24ec1c171afe6836881e2fba1ed559a0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/3589ff2f238b900cb3a2b2083d68225f.json

103.172.117.176

200 OK

184 B

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/3589ff2f238b900cb3a2b2083d68225f.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
184 B (184 bytes)
Hash
36777c63209967831ddd2926e229b69b
7a59de3bd5fd0406a1becbd4fc6bdb49a996a0fa
c2087429233dc14f1ad96cf9b7d1f4ecf0f32fabab7fc37999644a488d10dbc2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/3589ff2f238b900cb3a2b2083d68225f.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
content-length: 184
last-modified: Thu, 09 Nov 2023 06:29:48 GMT
etag: "36777c63209967831ddd2926e229b69b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

104.18.39.72

200 OK

24 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
24 kB (23564 bytes)
Hash
30177575dc6dc0f819853ade83e08148
c3f749d661c54f345534c447ec87be44367f09e9
7f29193b5969690f36b4fa832ccbe2b2ad65c2830f15ab0c98621c229d3a2b58

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 145327
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12265ad1b521-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32231), with no line terminators
Size
7.4 kB (7382 bytes)
Hash
c3e01e6e097f5a585124308c10012158
287b213e764ccf6e8ced681e607e13c9361012e3
d47aa2eb2bd5e89961eec64f44c0777d0104dfc7ff5e7740a86bb92d763177b3

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-7362e1b3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-1cd6"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d4fb06185b7d84bf92b21fae4647a05f-89439f51337f30bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:28:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/injector.js

104.18.39.72

200 OK

72 kB

URL GET HTTP/2
widget.suphelper.top/injector.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
72 kB (72445 bytes)
Hash
78b76150482268cfac0afa419a82847c
7155086bb5771512d79fb4a62d2b0a5332b4a752
0d6e309ba650cec748c06df30c6fd1f23e5b8d446a1604ae144236236a5d246b

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"32e7a-18f123218ef"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 5
expires: Sat, 27 Apr 2024 02:39:47 GMT
server: cloudflare
cf-ray: 87aa1223f954b521-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/common.svg

185.244.209.62

200 OK

69 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
69 kB (69055 bytes)
Hash
6630130db2a0b96faab78c6a6ac27648
0bb94924aa89d349870e0ae0bfc02e76a5b7a216
5b8148855e307ddba04a210e2390dfa7f1dbc24006a9ba037ee8aab59a722416

HTTP Headers

GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:47 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ffd485f3909d242edcfb3117c6c605e2-ad003a7b1beaac24-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-04-26T11:22:53+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/country.svg

185.244.209.62

200 OK

62 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/country.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
62 kB (61802 bytes)
Hash
60caf0d666af828706b3d83c428a31e4
0f687988f8e835cb514794a4dbf7bb98613865f2
493ff1845dd1167680740cc525f4fb69ecdc4332265e83e76c26296a5001a602

HTTP Headers

GET /sys-icons/1.0.328/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:50 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:03 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-48a0e8340b4759f9cf7d23f2acc7e625-ce0455d72a0679a3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:03+00:00, 2024-04-26T11:06:30+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/42d3f7adfed28fc5914f9d930f18865d.json

103.172.117.176

200 OK

683 B

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/42d3f7adfed28fc5914f9d930f18865d.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
683 B (683 bytes)
Hash
dad3a9b077bc630619a2f0a6422b65ae
21ed76245ef3e318fe37ac6d145ffebeac627956
8db3ba27ae59a7f93f8dbe2f9a499b4e028717aa6c139eef0b78e1ec09eca758

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/42d3f7adfed28fc5914f9d930f18865d.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 28 Nov 2023 09:54:59 GMT
etag: W/"dad3a9b077bc630619a2f0a6422b65ae"
content-encoding: br
x-time-ng: 0.007
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&sid=1714171188&sct=1&seg=1&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&dp=%2Fen%2Fregistration%3Ftype%3Dphone&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=10560

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&sid=1714171188&sct=1&seg=1&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&dp=%2Fen%2Fregistration%3Ftype%3Dphone&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=10560
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&sid=1714171188&sct=1&seg=1&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&dp=%2Fen%2Fregistration%3Ftype%3Dphone&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=10560 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-1489498.top
date: Fri, 26 Apr 2024 22:39:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1xlite-1489498.top/web-api/registration/fields

103.172.117.176

200 OK

13 kB

URL POST HTTP/2
1xlite-1489498.top/web-api/registration/fields
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
13 kB (13341 bytes)
Hash
2887af802d3ce16a4456cf47936f6e45
58e907105e7e5b97315e2528db24101c006045c1
c90eb1721db4daeb5d169830417690aadec2ab01ade7d2b52ba4fb25754dd2da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 20
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=79, dt_total;dur=81.981, wf-uht;dur=0.438
traceparent: 00-987a10e70161075a2740cf7a74b33492-2b39298c587168bb-01
vary: Accept-Encoding
x-dt: 1014
x-time-ng: 0.081
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-1489498.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

103.172.117.176

200 OK

23 B

URL POST HTTP/2
1xlite-1489498.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
19bc2411be7da9a880c71594af2bc632
511d23c49856569de30707dc9ebe58ff7a3e5788
608450904629653008acb80a1b85ec1159042354c98c6fdd8709c44ea470b574

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?type=phone
Content-Type: application/json
X-Lang: en
X-Uuid: ca0c6f94-87b2-4550-988e-307aee7c4aa7
Content-Length: 263
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.1.1714171191.57.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:21 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.378
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

104.18.39.72

200 OK

39 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
39 kB (39073 bytes)
Hash
36ba12c832c68fada96814afeca57c2f
3a8bd4dd918efc90d2da3feff0dad2a6ddd791ab
7e84669adcc8d3453ab26e6b9034e2ac6e5ed402c1ad1834fca831bd186ca7c8

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13454655
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12263abab521-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/

104.18.39.72

200 OK

100 kB

URL GET HTTP/2
widget.suphelper.top/
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
100 kB (99938 bytes)
Hash
add5d529f3a2344ba0bde30eec9abc06
a529b6a62250ee12934273ac2a604aac334d0fdc
8813615cf1b40fd754209cdc518626824c06231b8464978a91bb95565aba45d6

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87aa12255a28b521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1xlite-1489498.top/

103.172.117.176

0 B

URL
1xlite-1489498.top/
IP
103.172.117.176:0
ASN
#8849 Melbikomas UAB

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 26 Apr 2024 22:39:15 GMT
cache-control: no-cache
location: /en
reason-v3: empty_lang
server-timing: total;dur=0;desc="Nuxt Server Time", dt_total;dur=6.481, wf-uht;dur=0.380
traceparent: 00-1f3eb9e8535d1c21c5e24eec12c2906e-42a47a3b790481e7-01
x-dt: 1014
x-frame-options: SAMEORIGIN
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
set-cookie: platform_type=desktop; Path=/; Expires=Mon, 29 Apr 2024 22:39:47 GMT; Secure; SameSite=None; Partitioned
auid=Z6x1sGYsLRNSV+ACA1X8Ag==; path=/; secure; httponly; samesite=lax
X-Firefox-Spdy: h2

1xlite-1489498.top/hd-api/external/api/web/v1/converslon/load

103.172.117.176

200 OK

77 kB

URL GET HTTP/2
1xlite-1489498.top/hd-api/external/api/web/v1/converslon/load
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
77 kB (77403 bytes)
Hash
4dee7a0552d05407fbe0a83efb07a206
eee3549cddd56ec1b76b45d67d23523de597d18e
1b07b3eb6d210454c4cc8cae5899d3780cb41c7700de86b9626aba4c9bc598d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?type=phone
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.1.1714171191.57.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:25 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-612a23dea790ddaf4cf302890ab91f4e-d26ff84dc2e750f2-01
vary: Accept-Encoding
x-dt: 1014
x-request-guid: 35fa65ee9c5f2bfd58b75b8693e05878
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=11.983, wf-uht;dur=0.382
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftype%3Dphone&dr=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&sid=1714171188&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&dp=%2Fen%2Fregistration%3Ftype%3Dphone&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=15562

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftype%3Dphone&dr=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&sid=1714171188&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&dp=%2Fen%2Fregistration%3Ftype%3Dphone&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=15562
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftype%3Dphone&dr=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&sid=1714171188&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&dp=%2Fen%2Fregistration%3Ftype%3Dphone&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=15562 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-1489498.top
date: Fri, 26 Apr 2024 22:39:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:57 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bb804473241b120a9b492c81973badcf-b3bf0b3819b17827-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-26T22:27:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css

185.244.209.62

200 OK

72 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
72 kB (71602 bytes)
Hash
9843e1711fe7fe921d9996af92a82f27
855c2065ba967d639c683c95c4ab04fd53017e53
703e15d7329a31f55fa958b2e5e4a6c7cbef5ccba9a0ae1a09a4bf5d7730d3c3

HTTP Headers

GET /genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 07:40:06 GMT
etag: W/"4610c92e7697e57d1149e233ef5edab2"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-63051d6a3c152e4b3d60652d9f4cf484-16bd0d49c4964e44-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-05T09:04:13+00:00, 2024-04-26T22:04:59+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-1489498.top/web-api/registration

103.172.117.176

200 OK

65 kB

URL POST HTTP/2
1xlite-1489498.top/web-api/registration
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
65 kB (65354 bytes)
Hash
2eeca171226c4fd257cf8a8a72f242b6
7d2cd0f036e3ea32c8ee3960f09eb03bb2de69b6
2f38049bff751c17bbdc8f444f179545f5cfc6e14d75f72cfcbdfc832339583c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 18
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:17 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=32, dt_total;dur=52.988, wf-uht;dur=0.433
traceparent: 00-d72889712fcd0753ffd7b6166859d9ff-25245f36dda28a14-01
x-dt: 1014
x-time-ng: 0.052
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-1489498.top/web-api/user/getphonecountries

103.172.117.176

200 OK

4.8 kB

URL GET HTTP/2
1xlite-1489498.top/web-api/user/getphonecountries
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
4.8 kB (4835 bytes)
Hash
be82d4ba2c97d9d41c2db58fcc068304
bbfe761f79089334a2a634583f44f83f849ac75f
151fb31acc40be070f1c9e1782da074347e9d31e8d1f9924eaf44080eaadd3bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/user/getphonecountries HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?type=phone
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.1.1714171190.58.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:19 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=37, dt_total;dur=75.492, wf-uht;dur=0.421
traceparent: 00-93b170dc4845353afabfb2f6a0234f05-cb35ec02c8198c2d-01
x-dt: 1014
x-time-ng: 0.041
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-1489498.top/hd-api/external/api/web/v1/j/f4fj7e691j719e584c950e6b4bb93304ee56e624ea197c784959

103.172.117.176

200 OK

520 B

URL POST HTTP/2
1xlite-1489498.top/hd-api/external/api/web/v1/j/f4fj7e691j719e584c950e6b4bb93304ee56e624ea197c784959
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
520 B (520 bytes)
Hash
73f6216a77163a4fc1850be60dadda3f
8565df42d6443a15ce83dc3cdbff8ff022d77b66
230d7f79109d3b6a6ecaf19d0ed564b7caca46c9586c1b0266a6b6edc246e775

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/f4fj7e691j719e584c950e6b4bb93304ee56e624ea197c784959 HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?type=phone
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105916
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.1.1714171191.57.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:29 GMT
content-type: application/json
content-length: 520
content-encoding: gzip
traceparent: 00-490ae4ab693ed784c998bb5440a4633f-c5126a21d134a605-01
vary: Accept-Encoding
x-dt: 1014
x-request-guid: d2d0203baf834eba949c82457d3455de
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=7.186, wf-uht;dur=1.540
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/91887e4d049994310fb3e7b861857613.json

103.172.117.176

200 OK

8.1 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/91887e4d049994310fb3e7b861857613.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with very long lines (8926), with no line terminators
Size
8.1 kB (8075 bytes)
Hash
33a8d84b65be76b07b379586ce0f30f4
d3c3a3a7c188444d7c25961a62149b97f9de1725
8cbf747c3e3ffa25baee745930d5855d78ec027e3e0c6e0bc69bfde8bc16aeaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/91887e4d049994310fb3e7b861857613.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 13 Dec 2023 14:56:04 GMT
etag: W/"a60fb63e7c35ba8cdb1d0851ff960b1b"
content-encoding: br
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-1489498.top/web-api/user/secure

103.172.117.176

200 OK

59 B

URL POST HTTP/2
1xlite-1489498.top/web-api/user/secure
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
59 B (59 bytes)
Hash
260321e3c7211da08bb818ebacb1d1f4
c8cf04e9627be423a924d6038ee86eef1aef7317
0afde3f3fb09a356b52a6277f56cebef4ee69f3d14f60a3343d9ec02737dd065

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/user/secure HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:16 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=15, dt_total;dur=16.651, wf-uht;dur=0.385
set-cookie: _glhf=1714188964; expires=Fri, 26-Apr-2024 23:39:48 GMT; Max-Age=3600; path=/
traceparent: 00-fa8644a9fc5f666bdd87905756b9c988-f934da63f4359a1b-01
vary: Accept-Encoding
x-dt: 1014
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_buildManifest.js

104.18.39.72

200 OK

519 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_buildManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with very long lines (547), with no line terminators
Size
519 B (519 bytes)
Hash
063abc9f05b28326f5878dcd728ca1f7
321099ea5d4fa6792974fd44503ffb3e75e5c5b0
73109b74c039aec5fc1e3f4e3c2e15585b1ba094f3e8291b0cd67f51b4b830c4

HTTP Headers

GET /_next/static/724286ac/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"207-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 145327
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12267af7b521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js

104.18.39.72

200 OK

1.0 MB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
1.0 MB (1015847 bytes)
Hash
0a8ec60f8885a9417bae7ec2a3981f82
ef0fa91cda49946611fe1cd09819cfdaf8a1c6f5
15d73072cdad0ee70bdc75731a1c2d81326b0b1391b668cd36c639a321105259

HTTP Headers

GET /_next/static/chunks/pages/_app-a10a22844227e6a6.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"f8027-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 145327
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12263abcb521-OSL
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/09bf77b81e7920c568b184caf3764a89.json

103.172.117.176

200 OK

249 B

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/09bf77b81e7920c568b184caf3764a89.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with no line terminators
Size
249 B (249 bytes)
Hash
d68ec9c7edcaefee7edfd7342e36d236
094fbce1fd6dd26d7bfeac563201d9f87df197bc
2d88c53c23a864e2464d5a72a1089437617fd164b4f19ee4938e79307e3c701e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/09bf77b81e7920c568b184caf3764a89.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
content-length: 249
last-modified: Thu, 12 Oct 2023 09:50:01 GMT
etag: "2209ca3135f40bfbb67fd12b887402a9"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5171), with no line terminators
Size
5.2 kB (5171 bytes)
Hash
5d231bea9b7df6bc1e9e74e3c0a231e1
2ef607f0c766fff1b4b1e90a2d98e7094c81721e
c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b

HTTP Headers

GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:50 GMT
content-type: text/css
content-length: 1050
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-41a"
content-encoding: gzip
expires: Sat, 27 Apr 2024 08:08:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4ef46dfa87ddcd260341162a8878a16a-6fb4ee5d0c1e517a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T08:08:44+00:00, 2024-04-26T10:42:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714171188&sct=1&seg=0&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=9532

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714171188&sct=1&seg=0&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=9532
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714171188&sct=1&seg=0&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=9532 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-1489498.top
date: Fri, 26 Apr 2024 22:39:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/b93db8efd131892dfb89ef3d652f2806.json

103.172.117.176

200 OK

14 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/b93db8efd131892dfb89ef3d652f2806.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
14 kB (14236 bytes)
Hash
5f6393bd6febc268d33cb235c7eec194
819eb4409582bcea038e527fd5859dde2d13e0e7
9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/b93db8efd131892dfb89ef3d652f2806.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 06:33:18 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

104.18.39.72

200 OK

373 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
373 kB (372954 bytes)
Hash
36e4e2c2a2498b008514f1f0250c8018
cfa53d1c8533fb5941d9ff4f1e45e8c831658693
42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 2558282
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12265acfb521-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_ssgManifest.js

104.18.39.72

200 OK

77 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_ssgManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
b6652df95db52feb4daf4eca35380933
65451d110137761b318c82d9071c042db80c4036
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

HTTP Headers

GET /_next/static/724286ac/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"4d-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 145318
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12267af9b521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js

185.244.209.62

200 OK

199 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
199 kB (198582 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_nuxt/desktop/default/vendors/conversion-000a2948.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 66631
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-10447"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:55 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d2f1e3e0a4a3ffbceeff588ebd0d8784-88298ea8b031d4c5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:55+00:00, 2024-04-26T11:34:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/ff9ed0b8ab3d4464043a8c763445a216.json

103.172.117.176

200 OK

2.1 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/ff9ed0b8ab3d4464043a8c763445a216.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with very long lines (2345), with no line terminators
Size
2.1 kB (2128 bytes)
Hash
f28a40d30a99fab8a5ccced08db52f77
063e77333797a10e097679a1e4d17269fc6d3b6b
a46ea2afe2103a473c90b17137f840e29d578a74d191daac521d45e9d3cf1d6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/ff9ed0b8ab3d4464043a8c763445a216.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:14 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:43:14 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-1489498.top/web-api/default/img/icons/pixels2.svg?v=1714171187

103.172.117.176

200 OK

90 B

URL GET HTTP/2
1xlite-1489498.top/web-api/default/img/icons/pixels2.svg?v=1714171187
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
90 B (90 bytes)
Hash
e45f90dcbe718dea3476c4b69b501a4e
e9af26a93c467a77e4733ec537f4f5ce7a4ba089
a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1714171187 HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:16 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=13, dt_total;dur=14.788, wf-uht;dur=0.382
traceparent: 00-761d30963395f311e5f0f68df6aa3c77-7bd63e7e5cc8f6dc-01
x-dt: 1014
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-1489498.top/web-api/api/v3/bonuses/welcome-bonuses

103.172.117.176

200 OK

675 B

URL GET HTTP/2
1xlite-1489498.top/web-api/api/v3/bonuses/welcome-bonuses
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (769), with no line terminators
Size
675 B (675 bytes)
Hash
e59fab50915de795604ed2ed8ec04120
6ffd501793c27d8f12813d1fe187cb74c30559e1
9508e5f7161a6ee01c551aafe5c78368ae787205bbdf54a5ec9e0caf3358eab0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:16 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=21, dt_total;dur=54.164, wf-uht;dur=0.536
traceparent: 00-4032fce28288d021a2eaeddde7ab789f-61895759ddb4293e-01
x-dt: 1014
x-time-ng: 0.040
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

104.18.39.72

200 OK

78 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77801 bytes)
Hash
dc6852529f28802d37affa5953d07260
4edd220fe8df4b009a1775ebe57f19d40999659f
4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"12fe9-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8698591
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12264ac4b521-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (14308 bytes)
Hash
9e7af5cc8f19e556b8696b1f616368bb
5dfc0391d0b038c0a854280a40cd89a6e5ed970e
bfb06010ec5c7f94e57ce0ee75b270c76559d76e8e49e8085866bc11408345fb

HTTP Headers

GET /sfiles/games-images/game-animations/game-85-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Jan 2024 13:34:39 GMT
etag: W/"9e7af5cc8f19e556b8696b1f616368bb"
x-amz-meta-origin-date-iso8601: 2024-01-24T13:05:40.000Z
expires: Fri, 19 Apr 2024 00:06:27 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-24d1ac63a8acbedf5885592680056634-fe088ef5288968a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T03:23:59+00:00, 2024-04-26T00:36:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

390 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type

Size
390 B (390 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 26 Apr 2024 22:39:48 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 26 Apr 2024 22:49:48 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1232 bytes)
Hash
a436db0af736498349f0127d8e7fab1e
b07e2c449cf16ddb052ce40d881db13a0c890b9b
93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:45 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e5bec2981b34d54c9d704418c196d103-4825b9d3a250becf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-04-26T22:14:44+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/1a5d8786c28b21b86c95c5bc2540a70e.json

103.172.117.176

200 OK

1.0 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/1a5d8786c28b21b86c95c5bc2540a70e.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with very long lines (1143), with no line terminators
Size
1.0 kB (1046 bytes)
Hash
533208f94c3264028f9329b6fbb58515
3f0caf33232924706c8a783e08d747ed9107826b
6fa6b3635c5a9a1e019c99d1d217f74a8aba28d8ffd260db817ef1079644a7b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/1a5d8786c28b21b86c95c5bc2540a70e.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 12 Oct 2023 09:49:52 GMT
etag: W/"f117f2ecd3a10db0e2d79159b68fcf2f"
content-encoding: br
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js

104.18.39.72

200 OK

92 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
92 B (92 bytes)
Hash
7c3f7e060745668041278118c0bb3d6d
e639f56695b3cc30d78dce7a0084aa8299a1311a
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

HTTP Headers

GET /_next/static/724286ac/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"5c-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 145327
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12267afbb521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/bf6e140304ed88a0b66873312e0f6267.json

103.172.117.176

200 OK

3.3 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/bf6e140304ed88a0b66873312e0f6267.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with very long lines (3653), with no line terminators
Size
3.3 kB (3312 bytes)
Hash
8bc0581ca207c024d54d75ca53390160
62d322fceed2d7d960548e0b2216a814f68c3b31
a97dc7805fc7bb366b277032e2f95d95418bdde4db7837a7ba9b3b18c9e33e95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/bf6e140304ed88a0b66873312e0f6267.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 07 Mar 2024 10:46:17 GMT
etag: W/"becb2e7c22d23ed7b8c378c346c643f1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-1489498.top/seo-module-api/api/v1/title?group_id=1014&ref_id=1&url=https:%2F%2F1xlite-1489498.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-1489498.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=1014

103.172.117.176

200 OK

121 B

URL GET HTTP/2
1xlite-1489498.top/seo-module-api/api/v1/title?group_id=1014&ref_id=1&url=https:%2F%2F1xlite-1489498.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-1489498.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=1014
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
121 B (121 bytes)
Hash
0d1dc6733e6e56b0f4d66cd1c94a26ae
e4452693b59930f4bb3179bf2e612dd9cfbc27af
8d26498fb4b2c76bf7fffdfbc19283619f13d206bb4b4931dd58f73e7d3b0cd3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/v1/title?group_id=1014&ref_id=1&url=https:%2F%2F1xlite-1489498.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-1489498.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=1014 HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?type=phone
content-type: application/json
x-requested-with: XMLHttpRequest
x-geoip2-country-code: ru
sub-request-id: 30e97910679b4e9798d1d2750d7d9056
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.1.1714171190.58.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:19 GMT
content-type: application/json
content-length: 121
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en344f61be63ec98a1b8df732cd1394cf2
age: 0
x-request-id: 515038c635ddae6b30301b40e833b640
x-request-guid: 515038c635ddae6b30301b40e833b640
x-time-ng: 0.023
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=15.070915222168, wf-uht;dur=0.365
X-Firefox-Spdy: h2

1xlite-1489498.top/web-api/session

103.172.117.176

204 No Content

0 B

URL GET HTTP/2
1xlite-1489498.top/web-api/session
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?type=phone
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.1.1714171191.57.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Fri, 26 Apr 2024 22:39:24 GMT
cache-control: no-cache, private
server-timing: p;dur=13, dt_total;dur=21.036, wf-uht;dur=0.384
traceparent: 00-a68868c181b6c8cf73dacb4eda18c620-72df1906fcaea011-01
x-dt: 1014
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/a98bc67886114a8868c89c8a884b956b.json

103.172.117.176

200 OK

36 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/a98bc67886114a8868c89c8a884b956b.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
36 kB (36003 bytes)
Hash
82be680bc6bd32b65cef0e3bda368678
5f5ac335405d9c792b43b6aee8d5ab64ac42e5ba
12800d3ad8e368dc1541e334f8f6f669549da16f62b4dae2ebb9929bd88322c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/a98bc67886114a8868c89c8a884b956b.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 30 Oct 2023 14:22:16 GMT
etag: W/"82be680bc6bd32b65cef0e3bda368678"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

104.18.39.72

200 OK

3.8 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (3855), with no line terminators
Size
3.8 kB (3792 bytes)
Hash
7288e202ab8e4cf1b7f60eed709e0986
c10effeb29bf129a7c81688b9f3a7d5485272e87
56e695b4675b50d55a92f006109771a67da822050f5ae03fd2ad02c1a9565b58

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13545777
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12263ab7b521-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

104.18.39.72

200 OK

481 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
481 kB (480579 bytes)
Hash
46260bb46d51262abee818c0c3bcf1c6
fe3be222aec74704fad1fa2559788b1fa287094a
20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8696136
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12264ac1b521-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js

104.18.39.72

200 OK

10 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (10533), with no line terminators
Size
10 kB (10533 bytes)
Hash
54b2d4e92e16d2ea51898124107af46a
ab4225b696e63c9040de1511fa229cf65b4d3750
e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662

HTTP Headers

GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8698591
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12264ac8b521-OSL
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714171188&sct=1&seg=0&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=7178

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714171188&sct=1&seg=0&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=7178
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714171187982&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1042366253.1714171188&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714171188&sct=1&seg=0&dl=https%3A%2F%2F1xlite-1489498.top%2Fen%2Fregistration%3Ftag%3Dd_3052235m_14189c_%255B%255DALL%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D_d118528_l140523_pop_up%26pb%3D632760c2e06b41528df9974c2b04d9d1%26click_id%3D3gg29s24lib84%26r%3Dregistration&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-1489498.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=7178 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-1489498.top
date: Fri, 26 Apr 2024 22:39:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

104.18.39.72

200 OK

141 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
141 kB (140949 bytes)
Hash
896d1930437c1ab92b8a359c1d6fdaae
71e0e23d1af9722f356eb5d1c497d100ec8b0f7a
8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 12:45:49 GMT
etag: W/"22695-18b9011853a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13545777
expires: Sat, 26 Apr 2025 22:39:48 GMT
server: cloudflare
cf-ray: 87aa12263ab9b521-OSL
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/9738fb0b26057cbf02906c37f01c48c0.json

103.172.117.176

200 OK

2.6 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/9738fb0b26057cbf02906c37f01c48c0.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with very long lines (2854), with no line terminators
Size
2.6 kB (2589 bytes)
Hash
ecacc4d3ca1ba475ef20875ff4225f06
528aa5b0070cfcd78034449c40533e51278cba2a
328065b0030c77de9cafba92ec86d89b32ca55f32a3a251cdb7687f1f44c4859

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/9738fb0b26057cbf02906c37f01c48c0.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 15:06:29 GMT
etag: W/"269ccea9c3f07d37d497b4911e5d6e0b"
content-encoding: br
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/2405307d341befdec906ab756304eca1.json

103.172.117.176

200 OK

1.3 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/2405307d341befdec906ab756304eca1.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with very long lines (1430), with no line terminators
Size
1.3 kB (1290 bytes)
Hash
1a52815ebb77ea854c52f2790c66736a
d375a57cee42a534bb41e36d665031d100ce9efc
0c9e8c1ae33dee3e84c55da6583bbff67d591c50a12434bcb4ca0daf27439e7c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/2405307d341befdec906ab756304eca1.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 18:35:47 GMT
etag: W/"dfe0c8d8abf7084df9e624f1f4065e59"
content-encoding: br
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration

103.172.117.176

200 OK

652 kB

URL User Request GET HTTP/2
1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type

Size
652 kB (651833 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:12 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=1087;desc="Nuxt Server Time", dt_total;dur=1298.105, wf-uht;dur=1.996
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Tue, 25 Jun 2024 22:39:43 GMT
reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; Path=/; Expires=Fri, 26 Apr 2024 23:39:43 GMT
postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; Path=/; Expires=Sun, 26 May 2024 22:39:43 GMT
platform_type=desktop; Path=/; Expires=Mon, 29 Apr 2024 22:39:43 GMT; Secure; SameSite=None; Partitioned
auid=Z6x1sGYsLRCmNt/tA1X5Ag==; path=/; secure; httponly; samesite=lax
traceparent: 00-0271dd353629d4c7f59c3741c83e2b14-1d74bc9f1a4c6ee9-01
vary: Accept-Encoding
x-dt: 1014
x-frame-options: SAMEORIGIN
x-time-ng: 1.297
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/bonus.svg

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/bonus.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
16 kB (16347 bytes)
Hash
5dfc9cb3b4b0fdaa0ca8f0bebfaf0a6e
26203d2e2202d3235df633980f2ff038142c7a56
79196fff489b0c355e20bb232694b9df71bc6a4a905cb9018afdce4d7eb0ee30

HTTP Headers

GET /sys-icons/1.0.328/285/bonus.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-1489498.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"5dfc9cb3b4b0fdaa0ca8f0bebfaf0a6e"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:29 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-68777b09ce615faafd5eb6cc31da0689-7fd4d850f61561f5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:29+00:00, 2024-04-26T12:23:08+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%224381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386%22%7D

104.18.39.72

200 OK

24 B

URL GET HTTP/2
widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%224381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386%22%7D
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
d6bacfff68d40ad2744454c2506cc0f9
85f1f094d174fd4d78bd382c7948b95e9db93215
cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed

HTTP Headers

GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%224381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:39:48 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87aa12294d0bb521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1042366253.1714171188&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1194992260

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1042366253.1714171188&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1194992260
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
FingerprintDE:35:DD:F6:8A:FF:6F:9D:0E:3D:27:DD:E2:B8:DE:CE:A4:6A:C8:C9
ValidityMon, 08 Apr 2024 07:44:18 GMT - Mon, 01 Jul 2024 07:44:17 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1042366253.1714171188&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1194992260 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 22:39:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/54bf5bf5f3fa339f4ef49e8744f922b8.json

103.172.117.176

200 OK

3.5 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/54bf5bf5f3fa339f4ef49e8744f922b8.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with very long lines (3821), with no line terminators
Size
3.5 kB (3484 bytes)
Hash
f342ac5d01dcda4500f8848382fbf264
7e6b6104b4d0bf5308c9255611771bdb105517de
3710268c1a1858520b32780c7ce6c4bc0e456ce106be2b51c5554663b4c02a41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/54bf5bf5f3fa339f4ef49e8744f922b8.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 06:40:55 GMT
etag: W/"4ceca6711e35f002e5d82e7e710000c1"
content-encoding: br
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js

185.244.209.62

200 OK

40 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (39925), with no line terminators
Size
40 kB (39925 bytes)
Hash
09f719ce338786eee766f484042e3ac0
205337e84727f25d00b53890d39012386860c183
aea7bb8d8fae31b8018b3d76ac917f939f9b2a8bb6928bbe7bb74f196ec1ea73

HTTP Headers

GET /_nuxt/desktop/default/vendors/Registration.Fields-7d2adbe4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-1489498.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 8881
last-modified: Fri, 26 Apr 2024 12:29:08 GMT
etag: "662b9e14-22b1"
content-encoding: gzip
expires: Sat, 27 Apr 2024 13:22:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e9e9a4e96cf59e3730f8078e1b26721e-93180cd7e4e23d4e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:22:34+00:00, 2024-04-26T13:26:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-1489498.top/web-api/api/web/v1/config/actualDomain

103.172.117.176

200 OK

272 B

URL GET HTTP/2
1xlite-1489498.top/web-api/api/web/v1/config/actualDomain
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with very long lines (312), with no line terminators
Size
272 B (272 bytes)
Hash
e28ae6f47f45442233d36f77724268cc
14cd3f87746a52a8a2451acf9d0b070460f96174
8aa9582a987ed1f502d1fb35792d14d2aa6cad69b2063f2b626abf008adc08f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:15 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=15, dt_total;dur=16.089, wf-uht;dur=0.368
set-cookie: SESSION=b3e51fc21312409b0601212dd3dbad20; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-11605508d2c83920f951b957a525fd89-3da07d803006c0f4-01
x-dt: 1014
x-time-ng: 0.015
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/38a1d47bf9249d5af9e2926e86663ad9.json

103.172.117.176

200 OK

1.5 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/38a1d47bf9249d5af9e2926e86663ad9.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
ASCII text, with very long lines (1638), with no line terminators
Size
1.5 kB (1494 bytes)
Hash
1c21f311ce7d2fce86538083de17fbcc
ac92eb66bd5dc5221bb1c6106f951876b3fa083c
5298ed1b0e5f830e5fcc0e7247e439bfacf590a5a30eae05fcc49dfcae2d0d4d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/38a1d47bf9249d5af9e2926e86663ad9.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 12 Oct 2023 09:49:42 GMT
etag: W/"b0a50f5239a6ca38097f89684eae43e4"
content-encoding: br
x-time-ng: 0.044
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/21ebb5b5fdf9586189df900cda7e910e.json

103.172.117.176

200 OK

12 kB

URL GET HTTP/2
1xlite-1489498.top/genfiles/cms/1-1014/desktop/media_asset/21ebb5b5fdf9586189df900cda7e910e.json
IP
103.172.117.176:443
ASN
#8849 Melbikomas UAB

Requested by
https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_[]ALL[]null[]null[]general[]_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
Certificate
IssuerLet's Encrypt
Subject1xlite-1489498.top
Fingerprint70:50:F4:15:FB:B8:F1:CA:5D:1E:F5:78:AF:31:97:4C:6B:3A:0D:7F
ValidityThu, 04 Apr 2024 05:54:09 GMT - Wed, 03 Jul 2024 05:54:08 GMT

File type
JSON text data
Size
12 kB (11769 bytes)
Hash
9e5da15e44d6b6bab0cfc7c07ba9495d
4a67254b45112089d0833028de0c9c81acb930a3
0d51ae7eaa1511001f9b8b562a49d1b55d177a655f26035364485f02d5384af9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-1014/desktop/media_asset/21ebb5b5fdf9586189df900cda7e910e.json HTTP/1.1
Host: 1xlite-1489498.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-1489498.top/en/registration?tag=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up&pb=632760c2e06b41528df9974c2b04d9d1&click_id=3gg29s24lib84&r=registration
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up; postback_watcher=%7B%22tag%22%3A%22d_3052235m_14189c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D_d118528_l140523_pop_up%22%2C%22pb%22%3A%22632760c2e06b41528df9974c2b04d9d1%22%2C%22click_id%22%3A%223gg29s24lib84%22%2C%22r%22%3A%22registration%22%7D; platform_type=desktop; auid=Z6x1sGYsLRCmNt/tA1X5Ag==; window_width=1280; che_g=fd3f5da6-1cf7-51e1-f223-3de0016318db; SESSION=b3e51fc21312409b0601212dd3dbad20; sh.session.id=4381e1b7-4b81-4fd9-bdc6-5cb9b5a8e386; _ga_7JGWL9SV66=GS1.1.1714171188.1.0.1714171188.60.0.0; _ga=GA1.1.1042366253.1714171188; _glhf=1714188964; ggru=195
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:39:18 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Sat, 20 Apr 2024 09:34:12 GMT
etag: W/"9e5da15e44d6b6bab0cfc7c07ba9495d"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (55)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML