{"report_id":"15f4d313-be71-4d1c-9e89-6cab49cfc28b","version":6,"status":"done","tags":[],"date":"2025-10-24T22:16:05Z","url":{"schema":"http","addr":"1xlite-5227452.bar/ru/promotions/wheel-bet?tag=s_4480839m_355c_campaign=B1_GEO1_Trafficstars_desk_video_RON_wheel-bet=site_id={adspot_id}=pab_id={site_id}=creative_id={creative_id}=clickid={click_id}\u0026pb=b9dd29304eae46669eeb3049a5d110f9\u0026click_id={click_id}\u0026r=promotions/wheel-bet","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"title":"1xBet"},"submit":{"url":{"schema":"http","addr":"1xlite-5227452.bar/ru/promotions/wheel-bet?tag=s_4480839m_355c_campaign=B1_GEO1_Trafficstars_desk_video_RON_wheel-bet=site_id={adspot_id}=pab_id={site_id}=creative_id={creative_id}=clickid={click_id}\u0026pb=b9dd29304eae46669eeb3049a5d110f9\u0026click_id={click_id}\u0026r=promotions/wheel-bet","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-28T22:16:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"1xlite-5227452.bar","ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-09-24","domain_rank":0,"first_seen":"2025-10-16T17:44:50.296367Z","last_seen":"2025-10-23T19:53:24.311565Z","alert_count":57,"request_count":19,"received_data":937788,"sent_data":59383,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]}]},{"fqdn":"v3.traincdn.com","ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"domain_registered":"2022-11-10","domain_rank":256434,"first_seen":"2022-11-25T10:00:40Z","last_seen":"2025-10-20T06:06:47.256179Z","alert_count":0,"request_count":64,"received_data":5912225,"sent_data":32331,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"radar.cedexis.com","ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"domain_registered":"2009-01-07","domain_rank":28156,"first_seen":"2013-11-27T02:31:43Z","last_seen":"2025-10-20T07:54:14.894919Z","alert_count":0,"request_count":2,"received_data":1415,"sent_data":852,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"domTimer","is_inline":false,"md5":"01f4b51b4ba7edd00ad9f0a22259f06e","sha1":"00723d0eda4be61a7b1c542b0a08a94a94a60017","sha256":"9fdac1c31a22f55dbb8ca225ee28c3f7e88b41cce82968af0018c9f8b3bd35ba","sha512":"83d180c9960a53f88da3e3ff8616b4e095b7d642182f5855cfa386d48a19b888fedbde6433d1f926d9dd93d0a813a24590591729a6d8393543dfc490efee2070","ssdeep":"","tlshash":"29500000c000c0c0c000c03c0000000000003300c0c00030033000000c3000c0000003","size":10,"data":"","first_seen":"2024-09-21T15:04:59Z","last_seen":"2026-01-22T06:40:31.224966Z","times_seen":5888,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/app-27bf5ff5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"037c03a031557d6e3092efaec5970895","sha1":"69923bb517630366e25d437bdeaa3adca4a4cf65","sha256":"b445fb0fe8eee46aa91eb902d6429dee71c93ad91ef8935260e39a9e2bceb188","sha512":"93b1e12712305998b8566f9f163673159d4846440b95f5fe28ba5926b8646ca03d12aee12fc7fddbfddbbf221f0e4ed4f767c0038924fd4dab983a7ee31a9808","ssdeep":"6144:+LeT/eQ+NaCwYx9lyQeZKDr+mpZ3DnsLljKmHEKzbvqvtoST/i8LgivMNIdamD9W:1/eDXDZBK4NThDLZTXg+tk","tlshash":"71a44c65b5c8f4ca02e34bdae03a1061e33916b9780dd064f778fdca359bc05926a67f","size":456237,"data":"","first_seen":"2025-10-23T12:23:23.487308Z","last_seen":"2025-10-27T08:52:17.996832Z","times_seen":190,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/plugins.vue-notification-45036fae.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"68c44cb604f3869c637a35ed2c344acc","sha1":"3c4ac5ca9779efcf5f50dfe8b3a8c9a9d3bc9b1a","sha256":"9b7e131059289da49f11abea6b13603a870782d7378c4fd8eb1b4b53ecbef7b7","sha512":"9d84e02a3e3304288252e8186c9202fbe8644fae11deb9ce000caf9ad096db75133a62ab0064b929c7ccdba968c9fbcea7b0cf6753d720e06f20eb07be2abdbb","ssdeep":"192:hU1hQXHv3CbfKpqEVwhSIkrReP+SdHtfGA2D3ow5EE9bJ52bFZLy2mp4ilVj:hn3CmpcDkAP+S/fGAWf5VbWbLy2mmijj","tlshash":"634296ceb2c2b4650be760b6402f110af136a96869ab54d4f3b1d4f2adb564c413bf39","size":12563,"data":"","first_seen":"2025-10-22T11:25:36.138391Z","last_seen":"2025-10-30T11:27:15.288986Z","times_seen":376,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/date-fns-locale-71-9b8ee2a4.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"8937c70de80a3323f003996ab27e9f90","sha1":"7fd189697a06436537e505e7ecfd2ac5da9d7cc9","sha256":"c7f8e5ce869a6c84ba8f8a97daf898e96586e01c10020e8345d709f6fa8fb234","sha512":"4fbfde24f90b81bce94215b2e525b2955767279d5de22e89bf30180787e5f018d964db050dd82e21cb5a02f17d1d33e11276b134b5e7f650362fd5299cfe2e79","ssdeep":"384:KYFTkndtxlBEW9eDs/CFaFIRTMXA9qwC2UQjGFhy8dTxzjMuRH5:VFwbnCFaFIRTMXAw2U7","tlshash":"2b6266902aeed1974503f935f4153dc4662f59be780bb621d7f18da0bab34b04238776","size":15757,"data":"","first_seen":"2025-10-22T19:35:41.578922Z","last_seen":"2025-10-30T06:32:37.244591Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","size":69,"data":"","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_FCX6UWBT.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"588b298e9096c73f4d84f2961d4378ba","sha1":"568c0ac4c8540c21caf445d8490348a9929143da","sha256":"cc5353d60fc3bbcefb808e19d05925ab3fb0cff09092317813265725e95fa808","sha512":"a093cd11cb064df4b612ee5ee7128b352a1bfd951eaaa68553cf0aba097e9561774ecca5d78f3e0b6dbea18d21bade34a0d18426d66e0b37f9f67a439d7d3051","ssdeep":"768:lwZ1yyQBOuHJ3aUiJJUfns+/C8vsqJlm8qgqYHg7FD0v341KE:lwWBOuHJqUiJJUfns+/0qJlmbgqYHg7H","tlshash":"65e25cd8b779bca2335e908c90370323b37559e7484d9020f7e65e9235a5a0282e7f7e","size":31184,"data":"","first_seen":"2025-10-09T09:08:10.597929Z","last_seen":"2025-10-30T11:27:15.273914Z","times_seen":1015,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c858d505c1.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"91bc7dfc66a8d3f9c4841546142da182","sha1":"0ec235cb21b420b16d6ea8f22b390aa2bb7f182e","sha256":"fbdd2031f618da40a4582a3d649e9c65d68bacd2c38056580d8f6cf641a66182","sha512":"054cd172236bca38f6395b5d58afed1942f0365b09a8452936af9ebf910a3e6bfb3890290eb5c5338120841dc84dd1b24f39d79b16553d4bbdecb0cdbeafca1d","ssdeep":"","tlshash":"7341c895b2b031f3f677515dac0660f1c3083a9d132e10e8eae9484e220c9c32767793","size":1973,"data":"","first_seen":"2025-10-24T11:37:35.753558Z","last_seen":"2025-10-30T09:36:52.119539Z","times_seen":257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"Function","is_inline":false,"md5":"ea57d00073f1aacc68cf9508c775bf11","sha1":"f313483599167fd5f40229e203d1e0e3523b8082","sha256":"df56b6af6dfadaefa22ce0211c9ab22257fe343d6252f6e080d511691087b816","sha512":"00b0e389f42f0b3917feb0e862254e4bf1707ad5c30146f88cdd93d6100fdf552fee138bb3bed946be104b7dafe2a17958f135c73ebf738566ed7411f1177444","ssdeep":"3072:leHB51a0f5+28b4pF1nMLCuYQKjBgWVXnKLGwsJISx7noVoRnnxeOYZlDPu61Pv2:4HRfT1nMLOQKaWYLGJNXRnsFRtDE","tlshash":"646460482ca19e58eee51c2315c9e58c98cb3d4f7adcd259a50373bcadac62df1b4b01","size":331726,"data":"","first_seen":"2025-10-24T22:16:15.722301Z","last_seen":"2025-10-24T22:16:15.722301Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/plugins.vue-js-modal-025d2bb3.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"b1bc62ed27bc91fced7167abfc99d179","sha1":"91f89cfa92ff216100c3821511a2487466182299","sha256":"c8b94a3375701f99d992127225e8ae03de62b59ff2e86fbf6bb47d64aa64a13c","sha512":"2c309db0b7972219dc2d455403c4d1aeb28428c442eacc61b64701254f3e0584d3d239e9183fcc7f49aeff5401fa5d3411667bf9e00874fc992a261f8e9f9f0a","ssdeep":"384:bBy0a9vOeCGAZIXfK2rVsAdm00uow4HQEjacGXGQVe6ubqw:+HyIXfPt4wE9GXGQcbqw","tlshash":"4ec2288977d8307442db5573627f2b0ab23e295074269888f772e8e65cb864d206ff3c","size":26667,"data":"","first_seen":"2025-10-22T11:25:36.117833Z","last_seen":"2025-10-30T11:27:15.259833Z","times_seen":376,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"eval","is_inline":false,"md5":"54e0b1d17858af8480a5e714a1884cb8","sha1":"be3ec00399baa3e92a6f718b426364841f7777f1","sha256":"ebb4295eac21dbd04b06d36e1294b1795b4e3edb3ce777925f0ea73393973207","sha512":"ea4958fc08676e4f79b2eeb6dda6f18e1f4a45fb734156fab538b3437b97523f69d558460034c772d6ceffcd392e078ae77f51eefc191511c9dc4bab7a77cd88","ssdeep":"","tlshash":"92515011e03c9a3bdd33052ea20f7f135fac45b62a892f5cb21c4bac25d61ce910368b","size":2676,"data":"","first_seen":"2025-10-16T17:44:57.1252Z","last_seen":"2025-10-25T21:32:04.986108Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","size":1297,"data":"","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"Function","is_inline":false,"md5":"cedf9657337c8af4c9e8e57636a7a7c7","sha1":"4b9184ae2b34a0513049662817d50e21015a7077","sha256":"810f085dccc63025e6ac1c369c20391a5c2cb53ba762ad7fdcbf32c92c2a4db6","sha512":"13132870effdf851e8fd31946bc3c5664af003d4a58df711f50ef9f10071b677ae79a6912f9c467d5789a4ac88eb3130f11e553352e4bee1fecbed5c6edd13bb","ssdeep":"768:2aCpnsWP0tq9YJg267iKULv2bbkGX86qhW8GFAIIVn050ps9GKIIgjGiG0IUwXi1:ekIiKUZLNxlY0LlHLP","tlshash":"0993ede02c9c6458334b521b5fab34e0e40c439ebfb97426b7249592f46dbafe685334","size":90150,"data":"","first_seen":"2025-10-24T09:34:05.223526Z","last_seen":"2025-11-04T12:50:30.076677Z","times_seen":500,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"eval","is_inline":false,"md5":"4e35362f521fe39e7c309be8f8af77c6","sha1":"18708e5f84bd24fab56b8ee472c3f69bf956dc60","sha256":"d7df9231c371f7460638d4fb77b6b1e9fc10b04813eda97e46f2bd298787bf2a","sha512":"214c3510eb501f7335679598bdc28eb105a7b9c61f8ddeddb2f0ad4ec9d75520dd57b2cc50820081892323385abc56d9bd28bacf3f706bccec47d4907c71247d","ssdeep":"3072:1b8+MPS9bd2uRzNngDTU/QKScvR00w5+xpuclD/cBWdXf0kebfT4CfPvD52we7zy:1FMP8bNncTU/QKShwxpB/dI9xHZ","tlshash":"2c742c892c61dd48eee51c2315f5ed9d94cb2d4f7a9cd268a603f3bcad9c63db060a01","size":344771,"data":"","first_seen":"2025-10-24T22:16:15.671424Z","last_seen":"2025-10-24T22:16:15.671424Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","size":390,"data":"","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"Function","is_inline":false,"md5":"94361ed86ab9b2fbb8d805c2025df46a","sha1":"3f428332f7a1c7196a85c93a373a966d75708c19","sha256":"eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a","sha512":"c8f4fb7c642357730c6c59e0b49fe3ec16c228d83d4ce402dc62f01e451529b8087240afca37096cebdaaabf47c189dfde5e6e2d780440f663f0e2bc8cf88ff7","ssdeep":"","tlshash":"f6b012df6c8351104a9292e001dec8f0443620303b00cc45544ce7716d2e865de2625e","size":96,"data":"","first_seen":"2023-12-06T14:32:27Z","last_seen":"2026-05-18T22:11:53.801427Z","times_seen":8056,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/app-deeda7ce.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"d79cb00e8f0dc0b0b950399c32c05ce4","sha1":"a918e4ca86d9bc860d0296b1878834935517a4da","sha256":"67e24942bf1605b1847fddea708bf7dbcbb45ff047c460e3ce68a09e07474c66","sha512":"3a580dc57c9e2fff29cbaf8119ec1433933d821b81c9708aec647213fa99f68e6bd09560fa13420cbe4b31b691916e9909354d9743c9b971d780e7a16bc8f84c","ssdeep":"12288:wdQX/yYLlWkWpdY4g1KkrOIC+uqezYCr410eNSD:vX/yYRWkWpdY4g1Kcgxq/w41hNSD","tlshash":"f9254c69b981f2560aa36ae9c06b0057e33d6f1ebc0cd454f2e7cdd5395a804713ab2f","size":962766,"data":"","first_seen":"2025-10-22T11:25:36.520281Z","last_seen":"2025-10-30T11:27:15.26952Z","times_seen":376,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-3b61338697.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"da3b79df39ccb8109cd7a8141ff7a204","sha1":"0d69fc9baff1645e2052ee2f03a751dbc41f47db","sha256":"939aa889b4f1cde738cbc00a11440df10410763c17437dc90eaab09cf2f93e6e","sha512":"073e637c591f2aa203eb282f10ed31ba027f691ed6a861b28d71074ffe6d90d239b90e96c33ff5d17e0250efe1dcd0b11d33219622071f43df67079bcf6399fb","ssdeep":"384:H1GgN7ay1ZxtPlaMr+WT3Cj5lWg5KKAqYndKolTxolw8Oi2EeLcl+96VWBHDCid/:H1rV1tP8ZWT3Cj5lWyPAvdKolTxolUca","tlshash":"ebb25f742597b0b625da9a582779bc83d3c80f6fac9bfde2508a48e613d304880567f7","size":23752,"data":"","first_seen":"2025-10-24T11:37:35.809263Z","last_seen":"2025-10-30T09:36:52.057597Z","times_seen":257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/main-static/70a3747b/check-ob.js","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"c065700c9c8c493403359e1f2baa10d9","sha1":"4630fe729e70bdf63fa7ba6c84ec277fd1f51030","sha256":"1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4","sha512":"b2e1c73cb94f5e3ceb35c3662bf4d72baf800a9a7c64318b1db07d50e9c885dbd94821ef3b3916d1b8b4fabb8f45cb588834b41c6a8a7f4d2c3e9c3866083ee7","ssdeep":"","tlshash":"96d0a79fb900211406939267d12f8668807724973f008182500597e069b8f4c4b37895","size":219,"data":"","first_seen":"2024-07-17T14:33:52Z","last_seen":"2026-01-22T06:40:31.153166Z","times_seen":6298,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/runtime-79bf0200.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"97ba89c86cf9043e97e214303e336ce0","sha1":"611bfbaba9b429b4e00c97258e19de37b5f9a575","sha256":"efaef9bc275f0fc825ae7cf955604bf30a14ee30a121f7dd35f4226076f5acfb","sha512":"7302123b7a5e63807e010f6746a53db95130b1978211e309e1735408a808a48dde64bb88610073ca7af92bf574fa0600b8af4382bed510ddb4596b9eaa2285a4","ssdeep":"384:WmFrEFyItnhbnINgOEOEFyItnhdVnJ200j7fH4tT:PhlIthbnINgOEOlIth7nXCUl","tlshash":"8d72fd5daf2acd631d22ccc338217d21585924375c4647eceafee2194008e68b5afe2f","size":17003,"data":"","first_seen":"2025-10-23T12:23:23.461114Z","last_seen":"2025-10-27T08:52:17.916022Z","times_seen":190,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/Betting.Core-adab9a69.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"cc039f30eda61cf5ac607428dea6b65c","sha1":"0a5174196436ab9199d223b191e7c6581cfefd8f","sha256":"36dd8523aa00bc38c50b3dedd6577cf2715d26445ea1f5f838b5623c20a906c5","sha512":"b14b9db521ec1b243cd13973d1bee1d4d2351fade2c76c7721e2032555ee3f0283ce9fb1bcfc115fdc6e37260ecf5b883acc0111364fb65a7e35ab9120186208","ssdeep":"","tlshash":"4041a58535d33c48433d50dd80fb29e6f0b86fa9290d01acb482a9d47028a96c1f7ec6","size":1963,"data":"","first_seen":"2025-10-23T12:23:23.406606Z","last_seen":"2025-10-27T08:52:17.907499Z","times_seen":190,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","size":21252,"data":"","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","size":30277,"data":"","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"32053c9c355cf85427a5cc3f07de0b09","sha1":"f3c13d6a657ffa2ca8997f54f4779f0c02f1600a","sha256":"0ec410318f3ecc3a3aef3de68e99190845248bcc12282aa15eb9acc87f8837d3","sha512":"cbb8c7ef0bbed264989bf5b4af7d216cdeacc5684641c37d429e5ceca7dc04e55254e81f319cd856e7b4f447565bf5abf4e9915f5725eb57cfb142f113362078","ssdeep":"","tlshash":"2211756e18ed58291a9275c402b7ccfc642036363219d4c495ede9e1072ff990032f5c","size":1024,"data":"","first_seen":"2025-07-24T09:34:41.13762Z","last_seen":"2026-05-22T04:11:30.415893Z","times_seen":4001,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"Function","is_inline":false,"md5":"bc51ed8c76553717f10d58b2df60fd76","sha1":"e2d03a8fd8d280074b226c288880f9df299c7cb1","sha256":"bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c","sha512":"3207379b65060d0e80623fa966633b5ea31358b20de9aeb2c9416fa7d29f1972bf30809e39f0b826565e569d856dd2498ee0ec5285271c127f54daa7cf391911","ssdeep":"","tlshash":"489004473441140c47d7175410375c4c0c1500705441df400451dc510d51031114545c","size":39,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-05-22T22:35:24.272759Z","times_seen":14592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"Function","is_inline":false,"md5":"580b3e56fc9ab6e8b4655f43ee057cc1","sha1":"5dfce565e446f4a167195de9a1a5dd26163c711c","sha256":"446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382","sha512":"b2350579a3aaa5843b9b16c31782f3d7a4b850ba211d0074aa05d819c89ba49b482eb59aefcfb33f9fc9b270abb7cf7509e1254def23e9f98c116130c47f0018","ssdeep":"","tlshash":"e99002491d851041c56a1160041e1888442488761a40d8d1c480d9551c51630238e45c","size":47,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-05-22T22:35:24.293878Z","times_seen":14584,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"754adc5d2dabf4b7f28275a735e0cf80","sha1":"b830b63fd2a9aaf283865d4acc9b1d059dec3ec7","sha256":"d324371afde45be89bc1e2f8f930617cbd0fda07feb69190619e51fa5830e944","sha512":"d47fc8758cb7ceb62d889952101cf27e8b369bc2870ff712624cc75461936fa35e5b459e52edce70c363801dbd25b2cf1f464607c2c03fc6a30ce23df8218aa2","ssdeep":"","tlshash":"bf311f6dfe1cf1360522b6bae03b730eab7318f96929b4088451ec956cb4e4f9416dcd","size":1736,"data":"","first_seen":"2025-10-23T12:23:23.501449Z","last_seen":"2025-10-27T08:52:18.007073Z","times_seen":186,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"d299b4586912fa5252941a05aa091736","sha1":"cbc6fc6117df9470de432523b16d07f483384edc","sha256":"1ce9764c2ad005a8a05186719c9460ec04700601e57112c4b1231792f1289e7d","sha512":"8ecca639e9badbed9361f70df314e5d6bdc855f3b7639bfeabfe636360ee55342478b299c16a24cfb186bff40ba7d518973c2eb428484c4229bfb598703938d5","ssdeep":"96:DhgxH0yK9g7IQklIelj+5Jknm5vwrKGYkhHr6QsBMOfQtSbNClcZ:1gJ0voINew6d5vwSkhOQtSbNwcZ","tlshash":"7dd1b492e41cfa2fdc23991ef06b2f310e54596d79927b10e6bc8b2d34931b5e30764a","size":6250,"data":"","first_seen":"2025-10-24T14:11:50.767662Z","last_seen":"2025-10-25T21:32:04.986814Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"f8933e6814091c5dedd76521b8914b04","sha1":"2c14f2484845b5d2f9aff42dfabfa967d59debc7","sha256":"9ef59ced5784549aed5a089630dfec9e97eb3692ec88b42e2b6481a5287156be","sha512":"808c58b9a69029d1764e9f8f80c35c05402098be25e10c2b93424594c0d4c03a0178c6af0cc7734b9d598dda55391381c7487dc10ab057769e668322a8d852b8","ssdeep":"3072:95E62KHN00Y0zXV+pQTND0YWwHR/98FEDE+G5u7y8:fE1gl7T8kDllm8","tlshash":"7e24932fa50c1d3e941f2e79c58f7d4e6b7c5e2a24cb6801dcae6e6910e3290456387f","size":215683,"data":"","first_seen":"2025-10-24T22:16:15.73103Z","last_seen":"2025-10-24T22:16:15.73103Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","size":1232,"data":"","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_824f87a141.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"fd4d92864c0138e0939a7f98bd5c9927","sha1":"2820155baabf98bf4d6d4711a7d44e76ba30c143","sha256":"89aa221a9da1559e51741030682b09a955742a1ed53e901823acf7e9ead9f8ff","sha512":"33e35b8c0d3ecf15472c2ee087b4813463ad493d145edc0cf0719c73829cb879b8ae1ea4e484e41266ab8aa94fdadcf5dcb519484b01076e2211fdb7fa17c574","ssdeep":"49152:JtI6vPM7SQcFy2ZcgOr6fKbpUac2A2+DqLYWYtmaMUl:qg+4T9","tlshash":"83759d55f156bd232ae754daa4271183b64c4a1dd408fc90f2ebdce83ace84162deb7c","size":1640525,"data":"","first_seen":"2025-10-22T19:45:40.861649Z","last_seen":"2025-10-30T11:27:15.296111Z","times_seen":319,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7e5828ba4b.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"daaf9e2546cee89bd1b6b8660876f6fe","sha1":"be945af3a9bc57ee1a537428025e845bea37404c","sha256":"49c7e0b379f3853409f41ecd88c9dd4fc43e3363e7159f71ddab88dc08a80c0a","sha512":"263ed54a269f8cbcd9c81fea21a2aa303dbeaf1d85e208019ebb44d77ef038fb6c31dcdcafc7a50702a02fe2b98e6bb02613b0a92ede8ab67a110c408088f1ea","ssdeep":"","tlshash":"cb61b78178b6a0fa7917418d3d5270b0e34f1d79575816b1f2f5888823ee2845b2e6eb","size":3201,"data":"","first_seen":"2025-10-24T11:37:35.821168Z","last_seen":"2025-10-30T09:36:52.07472Z","times_seen":257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/hd-api/external/assets/hdf.js","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"17cc4ade9ae4dd646178200428d67b62","sha1":"8949891455535a68218c809864ed91eb0f800c84","sha256":"b0c9aa9ea44642cc4d2a68a6a0ea81b2d8578aca18a4769c64f8b482189572c3","sha512":"ed1d64775d6f6aee5ac22448f6678a4742459eec3389d87d9383e7053ed5cf31cc74eb8ef0b3f3597b02e16f53d07bf88b2b7695c5f072cae01f7c2e48b00155","ssdeep":"","tlshash":"316182a764ae7e1212480cc7a47e9a4b7050e9063ca9f850d0bf6ccf2404da1c9a1f1b","size":3281,"data":"","first_seen":"2025-10-17T07:26:39.008746Z","last_seen":"2025-12-13T09:36:03.351895Z","times_seen":1800,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/commons/app-77afb36d.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3b452bc2555689c178bbd0b9ea7ff320","sha1":"d8c59d35f6fed613263c4f019cd944e8167a49a8","sha256":"5dde54e7f93edc56d636daf42ec19feac48f812a52acf74f6239f854c38fa4db","sha512":"4233fa2aeabdeff32b4376afd3c072ab0fade756c9bd799bb3718d6719831436ecdb4b02211a0bc04b44e7d3a7f088e7d0e911e041c572e85b7224a3b006b675","ssdeep":"1536:XCrmhSG5YGf7BMr3y6MPC0UiXH2DHJjIAG3wvvjE+gjmZVBp+PWKq3Kwtp:KmjYGNMrmXHUp0qXjE+gjmZ4fwP","tlshash":"34d3d5dcf695b03117e721b5407f150bf23a7898680ac0a4f266e8d53db888ea167f7d","size":137774,"data":"","first_seen":"2025-10-22T11:25:36.257958Z","last_seen":"2025-11-06T09:03:00.003647Z","times_seen":545,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/plugins.v-tooltip-2996912f.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"6af90906031ea683190fd38d310a3648","sha1":"50b8a3a3357c8096325101aab8aaa8b242254249","sha256":"0f66e1a32a0f80579566b634c250fea0b793da9bcd99183be13569c7057846f3","sha512":"6268b55b199198af5668c9ef18d22938a4d1a8e65eff5a10bc2df050d3737bd43d6844fe913c7c281f1b3f2ece364dc4af96781cf22eb3baeca0d10dcc1a3c0d","ssdeep":"768:qlVnNgyCt/gswmmWMZI+7tSCUC8Lk7t8R6zk+BaNfSby/Qw/HLg57bh0PGBwrWdD:qlRN9ClgOmTPRSCv1MHHWdRfm5S5v","tlshash":"c473c78e7394f0b203e7b175413f620fb2776558a40ae014b2b1e5d4ac3da5aa277e3d","size":76773,"data":"","first_seen":"2025-10-22T11:25:36.527003Z","last_seen":"2025-10-30T11:27:15.25622Z","times_seen":376,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/DC-cba0e7a9.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3607f8a3163bf873f9e78f5aafe6d84","sha1":"8cbbda2c4412c7406881a2d54080cd635d26518b","sha256":"be3d191b639b2735af81796ef365d9e0617277f839c5aca12353dbf38dc8b924","sha512":"d121aea5699c6fd6e0da94a19ba50d7364f65b353d9191edc91394134111aa82204af08137118547cfdc5835d18595279d56e8d6d952d1d15a4e055deb8769cb","ssdeep":"","tlshash":"5241a40931a4fc11d7f90cd86dff72061027f076648dc9b4d3a32a8b08b7f6aa217916","size":2201,"data":"","first_seen":"2025-10-22T11:25:36.389372Z","last_seen":"2025-10-30T11:27:15.265061Z","times_seen":376,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7ae00eec92.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3bb7acaea112b0e164d54b6388a06eba","sha1":"b2b570ba1378ba53741432fc2993c82a9c9fcffb","sha256":"b431ecaa38077381d02738964d2b81f25e8e3c4eea1814750a6edbe1ec93dbe3","sha512":"bebfd7215f3f2bad108a832d9eb62a0a92a3853493fd8da33535fae143e99b2d8acdd1a18e6b7b135e31aa4f3760155e2f85a7329a8c33b7814cc40fa72153df","ssdeep":"","tlshash":"caf002be9d339160610248995d1eb422c2883d6b0b6a75f482f80953a3420939a035d7","size":614,"data":"","first_seen":"2025-10-24T11:37:35.738569Z","last_seen":"2025-10-30T09:36:52.067404Z","times_seen":257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/efc2f007b9.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"dfea5f2f27a58d82f748a20d67226ea3","sha1":"133e070cd3213ff29a5e3a7f37f64226d1d2d558","sha256":"d0e32171c154a9c0bf1c23020f4c48f07280cfd2c46b3a186a7e2d83582e53db","sha512":"d765db34c11e70b4f4c0439472159ff2002d076623bc54513823fd0e4d8cde929e2992daf6658b967f41f4753cb34628333f3485da7c48208dd1d0a5d70ad5ff","ssdeep":"","tlshash":"5451d8dd26f534b43d1d4e69e81a3471c728284b36bde8f0e6bd5f60032065ce2a5b86","size":3094,"data":"","first_seen":"2025-10-24T11:37:35.772529Z","last_seen":"2025-10-30T09:36:52.144554Z","times_seen":257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/90111b00dd.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"84a8528e292464b10131ec54939f23f1","sha1":"cf4628df1e287f1547728a2a6df857461daefa44","sha256":"e24721f05baf6d0744e5095f292c9040c5ee5dbc7ee4b4c7ac86aa2cf3c950dd","sha512":"2d58a3879b2eeaa9311aa20a931af6cfef7951f02894e1c533d6795bd6ccb7534281fd94744326d160f5bcdd126f04b520bdf9f959b37ea61d96e7263cb8fa51","ssdeep":"","tlshash":"fa01106930b69188a5eb49cabd24107a97381a023b1b5ce5f7dd86b3405a18259ab886","size":740,"data":"","first_seen":"2025-10-24T11:33:34.501491Z","last_seen":"2025-10-30T11:27:15.287335Z","times_seen":261,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/captcha-api/assets/hunt-captcha.js","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"cba2651ff1e385e279562870b3bf56bf","sha1":"09af5671d23bff53cf397c7806c42fe1b7c66806","sha256":"5075031bef3fecc2e9c89ac66401d242ac89509cf7aaaa00d96db76387509304","sha512":"3dfc131f8cce25216de7b625356f5a764f6dd802b7e888b2e10bc66a284f28850d15b97741c2eb62baaf43d83f49eacd047c3498e21a90e01b678fa24d7aa13b","ssdeep":"768:daGT7sGxU+wMtyfKb5wYdhiz2bJgGXx+hc4GfMIIV1w50hmBGKSIgjGiG0IUwXiN:dvKwHdhI11Uu5nTJ","tlshash":"2a93dfe02c98a058374b561b5fbb3ce0f40c429d7fb93426b7249592f46dbbae685334","size":92169,"data":"","first_seen":"2025-10-24T09:34:05.157088Z","last_seen":"2025-11-04T12:50:30.048842Z","times_seen":500,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","size":865,"data":"","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"Function","is_inline":false,"md5":"7bcdb973ab8af8e24ab11cb554a1ba6e","sha1":"24e8a10f240f2b06f81d7c173cd0a90606641fc1","sha256":"916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd","sha512":"1d890761e2a00081531fda5c0489ebf4df4140a9748bdc6d97bd355023e3e4ab09e19663ab319cf775e28ba71d99ab09f20d5414a561fa10fa3be2cb874484ca","ssdeep":"","tlshash":"e380044710411010cdd351d040573c44001044f114c4dc500040fdd11c53030110545c","size":34,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-05-22T22:35:24.28494Z","times_seen":14599,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"Function","is_inline":false,"md5":"00beb9884d0391b342eadd30744b539a","sha1":"3124c0bd593822379d22f13d3e08e70a1bf5ea14","sha256":"92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c","sha512":"6fa2e21df54ca406f570cb639529d68edac5de27fd4bc3a9daa8fd0465b583ede1c1cabb550237deb75d8bf88f39e80c1a77777d794826ad3272630108e58661","ssdeep":"","tlshash":"539002492940210685661152001e5c58411491b094906c9140429c551d52020125ab5d","size":44,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-05-22T22:35:24.289454Z","times_seen":14590,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"Function","is_inline":false,"md5":"a01893d8e129ad16c1e0fc5c7537f411","sha1":"0e46d1bf2718f848d9d596fa269eaedb31204772","sha256":"cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175","sha512":"074e309b533fc11690afbeab9b4dda85851e086c0ede97936860c7a5c4120ed9a16c6ced4fffdad21ca322f6c6e51577bd4966c5264b4a9780495acc451aee65","ssdeep":"","tlshash":"0d9004f515405350c5533d54401f1d5400f105703c40cc71014cdcd10c710f0335d5dd","size":47,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-05-22T22:35:24.282814Z","times_seen":14577,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript,export const meta = import.meta;","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6d772b7d405b447ecee54ab61cdd5108","sha1":"dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7","sha256":"b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b","sha512":"a3947640368602c9fd9dee887bb1a7e463890ff42e2ddd292c377593c5fad246d3e3363e9898cd1e5ecda9c59b5cf7c7cd0acfc2a5a1e5d3acec2cf0d62e20b2","ssdeep":"","tlshash":"1f800003800802380aa0c880028e80b00ab222203f00c08328088b302e3b08aca332a2","size":32,"data":"","first_seen":"2023-12-06T14:32:28Z","last_seen":"2026-05-18T22:11:53.800325Z","times_seen":8055,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/Page.Block-5850c141.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"87870fd4c5d3d7b49b0844613e2dcc2b","sha1":"0118f40cfe763452f3920a15dd15d4b4d55395cd","sha256":"11d8da81797427e7b20bd4981caeb142c0a2e5868182d00eb21e45501fbeb96a","sha512":"5a55df8f6931ab46c7149b0739513069eb700659675bf7400856349d809d7fdd16a5283b3684dc9346927d6cb5c829c93ba34e4d21eec8a93994ebba4c116ed0","ssdeep":"","tlshash":"cbf00e9b6862fc8e94e600c743b681f7b48c797a0649682002a0c8b132b6816081128f","size":475,"data":"","first_seen":"2025-10-22T11:25:36.107748Z","last_seen":"2025-10-30T11:27:15.246174Z","times_seen":359,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/promotions/wheel-bet?tag=s_4480839m_355c_campaign=B1_GEO1_Trafficstars_desk_video_RON_wheel-bet=site_id={adspot_id}=pab_id={site_id}=creative_id={creative_id}=clickid={click_id}\u0026pb=b9dd29304eae46669eeb3049a5d110f9\u0026click_id={click_id}\u0026r=promotions/wheel-bet","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T22:15:40.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /ru/promotions/wheel-bet?tag=s_4480839m_355c_campaign=B1_GEO1_Trafficstars_desk_video_RON_wheel-bet=site_id={adspot_id}=pab_id={site_id}=creative_id={creative_id}=clickid={click_id}\u0026pb=b9dd29304eae46669eeb3049a5d110f9\u0026click_id={click_id}\u0026r=promotions/wheel-bet HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:40 GMT\r\nlocation: https://1xlite-5227452.bar/ru/block\r\nserver-timing: dt_total;dur=0.008, total;dur=27;desc=\"Nuxt Server Time\", wf-uht;dur=0.043\r\nset-cookie: platform_type=desktop; Path=/; Expires=Mon, 27 Oct 2025 22:15:40 GMT; Secure; SameSite=None; Partitioned\ngw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; Path=/; HttpOnly\nlng=ru; Path=/\ncookies_agree_type=3; Path=/\ntzo=2; Path=/\nis12h=0; Path=/\nreferral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Tue, 23 Dec 2025 22:15:40 GMT\nreflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; Path=/; Expires=Fri, 24 Oct 2025 23:15:40 GMT\npostback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; Path=/; Expires=Sun, 23 Nov 2025 22:15:40 GMT\nauid=uaWZamj7+oyDt3I1A0yPAg==; path=/; secure; httponly; samesite=lax\r\nx-dt: 2336\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":240990,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-23T02:19:52.969623Z","times_seen":15584112,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":103,"dns":10,"connect":27,"send":0,"wait":71,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/version.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /version.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: application/json\r\ncontent-length: 11\r\ntraceparent: 00-fbb1e5cd125d8fe20c0524779c53a7fa-02d90e23b9a73337-01\r\nlast-modified: Fri, 24 Oct 2025 11:13:28 GMT\r\netag: \"b672c311d0b5ac497a7a723a8f023ab6\"\r\nx-amz-meta-mtime: 1761304408.514081704\r\nexpires: Fri, 24 Oct 2025 11:15:25 GMT\r\ncache-control: max-age=60\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 37\r\ncache: HIT\r\nx-cached-since: 2025-10-24T22:15:04+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text","md5":"b672c311d0b5ac497a7a723a8f023ab6","sha1":"f5ae70d5aa8af92191647797d97831b864c329b7","sha256":"58d1552cc20cdc3fc6ef17dbce861b73afaada93ca106d13648b61de5e823db8","sha512":"4e0360804ecc78854127f8c057e6bfc5f4cac6a65c65c7d9f34851348dd7582eb662a4132156cb935dcc16294653de82e1f90166ac38aa1d56707cdb857f0749","ssdeep":"","tlshash":"7a50000c00c00000c0000000c000c000000000c03cfc0300c00003c0030300000cc000","first_seen":"2025-10-24T11:33:34.450623Z","last_seen":"2025-10-27T08:52:17.894833Z","times_seen":178,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":5,"connect":8,"send":0,"wait":3,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 653\r\ntraceparent: 00-3346c70dd997ec7f2c676b22ce6f80f2-915505cfbb180e47-01\r\nlast-modified: Wed, 26 Jun 2024 08:18:02 GMT\r\netag: \"e6f0766cbd95db33da44e7a9140648f2\"\r\nexpires: Thu, 16 Jan 2025 10:46:36 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3371\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:19:30+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":653,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"e6f0766cbd95db33da44e7a9140648f2","sha1":"5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf","sha256":"c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0","sha512":"249da39baba03408de98c7fa9a9342ef120436037ab6245b3b4a5f1a206291caaf67481c6ed67064544576697d41ab82499abffec998d837812292a050bf826a","ssdeep":"","tlshash":"90f083e032254a855c02ac7fc33414448fb226cc3682bb09e012887119d24a79dd1368","first_seen":"2023-04-05T22:56:35Z","last_seen":"2026-05-20T07:41:46.643281Z","times_seen":6598,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/runtime-79bf0200.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/runtime-79bf0200.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-1d792c29d0797b494b579d1205eaea86-706412d33f053fbf-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"97ba89c86cf9043e97e214303e336ce0\"\r\nx-amz-meta-mtime: 1761216277.347342536\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:00 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17003,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (17003), with no line terminators","md5":"97ba89c86cf9043e97e214303e336ce0","sha1":"611bfbaba9b429b4e00c97258e19de37b5f9a575","sha256":"efaef9bc275f0fc825ae7cf955604bf30a14ee30a121f7dd35f4226076f5acfb","sha512":"7302123b7a5e63807e010f6746a53db95130b1978211e309e1735408a808a48dde64bb88610073ca7af92bf574fa0600b8af4382bed510ddb4596b9eaa2285a4","ssdeep":"384:WmFrEFyItnhbnINgOEOEFyItnhdVnJ200j7fH4tT:PhlIthbnINgOEOlIth7nXCUl","tlshash":"8d72fd5daf2acd631d22ccc338217d21585924375c4647eceafee2194008e68b5afe2f","first_seen":"2025-10-23T12:23:23.461114Z","last_seen":"2025-10-27T08:52:17.916022Z","times_seen":190,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/ru/dictionary_0f52487f996323d08b156d8b4f09b721.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_registration/ru/dictionary_0f52487f996323d08b156d8b4f09b721.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-eadd08a508aa00686a4c508af8845354-eededa6a491cfcc1-01\r\nlast-modified: Fri, 24 Oct 2025 14:11:46 GMT\r\netag: W/\"d03de9c849cc33b7ab04b05384f8878c\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 15:29:29 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 865\r\ncache: HIT\r\nx-cached-since: 2025-10-24T22:01:17+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36323,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (24904), with no line terminators","md5":"d33810c839682ad3d6e697f63ef6e46e","sha1":"0ad309c56ab9ce516ddd46111bdb960cbb632f5c","sha256":"59df03eb370bf0c3dfa3cc37a4c431dc208c5bdad1ebb050b778065c6cd3593c","sha512":"ac2ef814402452ae90ee8a1a19e6b7a6858807464eaa735d14d225a8f50eefbbcb704fa3d5c57cff2858c34cbd2fe0ce67ae59f725b62e7b419ee8739ad995ea","ssdeep":"768:UyW37q96p8mncbM6ravm8Q10N8W0rVcW8:Uy4q96ua210N8ZrVcW8","tlshash":"55f2ae991aad68fb0241e01bec097e0e3aef01fd7faa535116b42d7f34f1164862a61d","first_seen":"2025-10-24T17:40:13.386616Z","last_seen":"2025-10-27T00:31:44.57525Z","times_seen":11,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/ru/dictionary_fc2439c885273b7e071ac52333e7c217.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:43.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_block_pages/ru/dictionary_fc2439c885273b7e071ac52333e7c217.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:43 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-8b87740bc26329929b80a4b625737e8a-d13165db104f903b-01\r\nlast-modified: Fri, 18 Jul 2025 16:09:15 GMT\r\netag: W/\"bdd682decf80863e0b45a0e53438bba0\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Fri, 18 Jul 2025 17:34:46 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3590\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:15:53+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3491,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"bdd682decf80863e0b45a0e53438bba0","sha1":"b236e8945d85157332efb3760778c89946a700a6","sha256":"e5ba1fd10d022023339d686d1d48030c047a313138b5b3ea76396f4e2381ae3d","sha512":"9359dbf9b1e524e7d81c0d4f5500730442bd149cd46274427c2b576c2ba14f949a16d79135ae74c70fb3fb3e6b11517316e3ff741c48fbe9e6ce4b698f8228ff","ssdeep":"","tlshash":"e471af11367e64ee3608a005fc087e0b3d9745ff3fa65296aad8ac6f35f6034913a51e","first_seen":"2025-07-28T05:06:21.035673Z","last_seen":"2025-10-30T06:32:37.23496Z","times_seen":76,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f3f09a899e.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f3f09a899e.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 691\r\ntraceparent: 00-eea57ef3d5cbc35c465f629d80fc2829-706e874f8ae3d85f-01\r\nlast-modified: Fri, 24 Oct 2025 11:28:02 GMT\r\netag: \"66d9547b2e8b21b9cc566ffd2da94221\"\r\nx-amz-meta-mtime: 1761305221.38361577\r\nexpires: Sat, 25 Oct 2025 16:14:28 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 21673\r\ncache: HIT\r\nx-cached-since: 2025-10-24T16:14:28+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":691,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (690)","md5":"66d9547b2e8b21b9cc566ffd2da94221","sha1":"2334880db1e87c5f5c541abe181c930c76fb7246","sha256":"4a0efa233ab948edbc63842d56fd883bbe937e6ee81c75f87451de265e16abce","sha512":"ebf4510bf5bd211ec43e2ba7ee1bcc4cf43454d57a183afb90981ef94db20ccdfa077553219fc37b845ee2791a00f76f80b485d1514e80a947aab06623ae2e30","ssdeep":"","tlshash":"1101d81d3d2d51984977c3c02e984b850023f23b828a30e8b9fbc2187d8a6035a961bf","first_seen":"2025-08-22T10:11:14.566856Z","last_seen":"2025-10-30T09:36:52.111968Z","times_seen":2058,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":59,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/metadata.json","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/metadata.json HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nContent-Type: application/json\r\nX-Lang: ru\r\nX-Uuid: c4b553aa-8db0-423c-8230-b37ad55e6de7\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 42\r\nx-dt: 2336\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.072, wf-uht;dur=0.009\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"872f74b6746dd8545d566aa9b1e99ec7","sha1":"b2de7f44c9d404041467f45d9c9e67b825490e0a","sha256":"341a76ee9cfa5a6bd37b2a37520e4a953ac6c5063318932cab3752e8724030d1","sha512":"f2403d2b5e192dbc193af85ea0c041e389b23bd33c3aab107883de158b16df6ea04cbdd6774cc724ea79e44a06ce33f4ad3a2a9bb6ef2e04e35f8add95688a17","ssdeep":"","tlshash":"8c9004045044003453000441571d1f4c0f3c055d71c15407544574001753ff13c55007","first_seen":"2025-10-24T22:16:15.636047Z","last_seen":"2025-10-24T22:16:15.636047Z","times_seen":1,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/ru/dictionary_9d164776ee64f148f32e77a112ec4c29.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/ru/dictionary_9d164776ee64f148f32e77a112ec4c29.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-0315e71cb0816fc3bc5f894ccc81530e-2c8cb69a4867c3c0-01\r\nlast-modified: Mon, 16 Jun 2025 12:08:40 GMT\r\netag: W/\"b3ad57a76bc8ce27aa804cf521f6a683\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Mon, 16 Jun 2025 13:10:38 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1570\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:49:32+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5767,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c231ef4162887c082ca6df97aaab0a5e","sha1":"fed2ddb72e42d9d93b83fbb8eba307e5de291b39","sha256":"e0fa319fbc5bc7633e2f4c310f473f58cd615ba70715e0e2f342f2863ebfe4cc","sha512":"012ab0b0f92f9c1226fa50f99e3c7e9c8321e658465c6831bc75d3df18b235debbc1728788a1407a9fa9c6750a33268d817922b54a66b97d6109d20902e1e701","ssdeep":"96:6mOxugAPIoEsnZEgEhX92aK/SGepPM0mSxIvAJR/L:6bug63ZhA2/SGWP4S","tlshash":"bdd1ce445aab1cd8002ee486f404ae953fe6d0ffefef091506389f1f36f29e1526564a","first_seen":"2025-06-17T19:13:18.688476Z","last_seen":"2025-12-02T10:01:31.376739Z","times_seen":124,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-2336/desktop/media_asset/0f9ea2d3a9dd5ea6bf1f2041c78f6999.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-2336/desktop/media_asset/0f9ea2d3a9dd5ea6bf1f2041c78f6999.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-561c04759989d7d07e355d8502a917e7-1d71a34e0126ef85-01\r\nlast-modified: Tue, 17 Jun 2025 07:09:19 GMT\r\netag: W/\"811ce3b7877d19901e45430cb6523d62\"\r\ncontent-encoding: gzip\r\nexpires: Tue, 07 Oct 2025 21:56:07 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14232,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"811ce3b7877d19901e45430cb6523d62","sha1":"16a905115a678fdef3923f91c6f76cbab613e84d","sha256":"10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb","sha512":"21a43d793bd4200ff9972a793442fe492b6a1699f20053c4f01695f69f918685bf30f03f778346c2f61bac40d2e51bb25360d0ffc15448200c666ab4edf38e65","ssdeep":"96:BDkGHVTSY15XWGsQfGJo/JamRKkmP9kDeD3LzwCyi8TunZh:bVTS1KXR9RKkekDGoCyXOD","tlshash":"59523d65f6f40c33113b98ae65f76a8953948f07aa6d7c293b9c2b4c1f1462e0076d3e","first_seen":"2025-02-27T19:55:39.119779Z","last_seen":"2026-01-05T12:50:32.841809Z","times_seen":4543,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":61,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-2336/desktop/media_asset/a358167509f01bdcf2d3c8ca5cdedd9b.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-2336/desktop/media_asset/a358167509f01bdcf2d3c8ca5cdedd9b.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-3c7b5a283d4e069c6942aa35ed4ad02c-1097cf98c2326ca4-01\r\nlast-modified: Tue, 17 Jun 2025 07:09:20 GMT\r\netag: W/\"1a7ec72aad44f9540cb604d7cde5ff38\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 15:24:37 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14466,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1a7ec72aad44f9540cb604d7cde5ff38","sha1":"65e5851d652e0471c213282efb5eeee31ae813db","sha256":"94d4bf6bc00a09b766ea0ba441e860dc40ee6d398be80e89016dd0ee662869d6","sha512":"05c4574c3785992daed7bb3616a938d1d04dc9679132ee8997147a21c32d2dab5537e51060ecce9969c4e2ea5c4ba97299c5f2622a3f6fb097c066e189d37f79","ssdeep":"96:75b7Ba79eu4QWGAdryCiQFpzLJLJeHZVZYpH3UGHSTSSbbGiJinHs:u7kJ2VK3UsyinHs","tlshash":"935246d9bae41c33112b60bdd5f7f91aa3dc1f439d4aa8287eac6d4c1b6050500aed7e","first_seen":"2025-06-17T07:58:23.417687Z","last_seen":"2025-11-14T10:22:49.434452Z","times_seen":2557,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/web-api/session","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:50.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /web-api/session HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nx-app-n: v3-nuxt2\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:50 GMT\r\ncache-control: no-cache, private\r\nserver-timing: dt_total;dur=0.102, p;dur=10.925, wf-uht;dur=0.024\r\nset-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/\nSESSION=790c2f3ee09ba8ab582d92c5f2571852; path=/; secure; httponly; samesite=lax\r\nx-dt: 2336\r\nx-time-ng: 0.012, 0.012\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-23T02:19:52.969623Z","times_seen":15584112,"resource_available":true,"data":null}},"time_used":52,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:50.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877; SESSION=790c2f3ee09ba8ab582d92c5f2571852\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:50 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 615\r\ncache-control: public, max-age=300\r\ncontent-encoding: gzip\r\netag: 32053c9c355cf85427a5cc3f07de0b09\r\nvary: Accept-Encoding\r\nx-dt: 2337\r\nx-request-guid: e93b0c1586cbb55e9e3ed065ea57aa08\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.011, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1024,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1023)","md5":"32053c9c355cf85427a5cc3f07de0b09","sha1":"f3c13d6a657ffa2ca8997f54f4779f0c02f1600a","sha256":"0ec410318f3ecc3a3aef3de68e99190845248bcc12282aa15eb9acc87f8837d3","sha512":"cbb8c7ef0bbed264989bf5b4af7d216cdeacc5684641c37d429e5ceca7dc04e55254e81f319cd856e7b4f447565bf5abf4e9915f5725eb57cfb142f113362078","ssdeep":"","tlshash":"2211756e18ed58291a9275c402b7ccfc642036363219d4c495ede9e1072ff990032f5c","first_seen":"2025-07-24T09:34:41.13762Z","last_seen":"2026-05-22T04:11:30.415893Z","times_seen":4001,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_824f87a141.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_base-app_824f87a141.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-87d3426eee35c4abbc8d481b7256f5f5-48c521610bac9fb8-01\r\nlast-modified: Fri, 24 Oct 2025 08:31:42 GMT\r\netag: W/\"fd4d92864c0138e0939a7f98bd5c9927\"\r\nx-amz-meta-mtime: 1761294579.125211409\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 10:00:08 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 43548\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:09:54+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1640525,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (23760)","md5":"987c049c58603d6b498ecb921bb84e70","sha1":"6758a56101083d821b8154044f87da6577eaf50a","sha256":"5fcd145e4cfdef1bebf01819dcb3c07080e0525eb16576d072ed72250f06a821","sha512":"59412b18af4dd16d589d2353d0d81d7654c5a4ddb25642ab5decf508403cf2ab75625f85bdebd74c89fb130b7f54c6ddd30ed32610b0f10e53099611dfe2bedd","ssdeep":"24576:JtI6vPM7SQcFy2cincgOr6fKbpUac2A2+DqnBpzYWY+:JtI6vPM7SQcFy2ZcgOr6fKbpUac2A2+A","tlshash":"11259e65f1127a1335e759d9a4631187ba5c4a5dd80cec80f2ebcde83ada41022eef7c","first_seen":"2025-10-22T19:45:40.634604Z","last_seen":"2025-10-30T11:27:15.2766Z","times_seen":315,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/bff-api/config/group/get?groups=d.technical\u0026lang=ru","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:43.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=d.technical\u0026lang=ru HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nx-geoip2-country-code: ru\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1920; che_g=041e9c43-e114-40f8-94a0-420224164877\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:43 GMT\r\ncontent-type: application/json\r\ncontent-length: 742\r\ncache-control: no-cache, private\r\nserver-timing: dt_total;dur=0.134, bff;dur=9.43, wf-uht;dur=0.022\r\nx-dt: 2336\r\nx-pod: R-cfsxx\r\nx-time-ng: 0.010\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":742,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4eb311659e468207be5833d01806a6bc","sha1":"5470741fa048379479314630596a5491a24baa52","sha256":"614a8b74dbb5809ee856b8f0d67ef11d72c7b5d7180d3a9929915e02f5254c76","sha512":"95bbe62d24bbf459cf43f18c530ac8ad75d53fa70c368d05efbca987c19d2f6a0e0b7f5bf74e91800a90617a01e5bda9642b5da3841f47842b87aefe26a9df52","ssdeep":"","tlshash":"c501845e00a5ca3d706c063adb865e109eed502b3284b851fe0cacac60d6ddef95680f","first_seen":"2025-07-18T16:37:04.833261Z","last_seen":"2025-11-06T09:03:00.039673Z","times_seen":977,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":49,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:51.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-b57661b58437b76937bdc4f245aa4133-eef40c7b47bf3061-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2298\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:37:33+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-05-20T06:20:01.978819Z","times_seen":10461,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_542ed6.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_css_542ed6.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-71210ef356e0abcc60ac15463abb8171-f709a112df5ad4cf-01\r\nlast-modified: Fri, 24 Oct 2025 07:25:20 GMT\r\netag: W/\"7eb4f3d4c97ec66a32269ae3b07d7653\"\r\nx-amz-meta-mtime: 1761290610.556130802\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 08:18:25 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 50236\r\ncache: HIT\r\nx-cached-since: 2025-10-24T08:18:25+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11025,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (11024)","md5":"7eb4f3d4c97ec66a32269ae3b07d7653","sha1":"e31f7fc270a78d455c90a57d8c365bccf6ebdfb0","sha256":"542ed6b44d2771468d5e5d4c77dfddaab1f7d4169bf692a087c56f024d9813dc","sha512":"02195935d732af0ae4dceecb4677bcb4ad90d284dfbd27a707ee927fc587fb3a9bacc8bd8cf315ee025b67d1a53b33fb0e9ced17d24ea019deb2a0be9765ec37","ssdeep":"192:mLhA5ZO73iyDDW7qE/eVgnmnh8RbxJEU4PuiPBvDDQ7qOtIZ4Io:QAXOLisDUqE/Y8RbxUuwBLDCqOt24v","tlshash":"cc3226adc9e495231d26b5216388be7c85f0f06aee314e55f80ec6104ad3f9f15e0e79","first_seen":"2025-08-13T23:36:01.800779Z","last_seen":"2026-03-04T04:00:43.402045Z","times_seen":3922,"resource_available":false,"data":null}},"time_used":460,"timings":{"blocked":221,"dns":18,"connect":6,"send":0,"wait":1,"receive":0,"ssl":198},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/date-fns-locale-71-9b8ee2a4.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/vendors/date-fns-locale-71-9b8ee2a4.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-f80830473642b498ece7dfc7518dcf76-d61fa801c97555c8-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"a177ed398107366b4fe2a9c8af98895f\"\r\nx-amz-meta-mtime: 1761216277.356342565\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:08 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40065\r\ncache: HIT\r\nx-cached-since: 2025-10-24T11:07:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15920,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (13429), with no line terminators","md5":"8937c70de80a3323f003996ab27e9f90","sha1":"7fd189697a06436537e505e7ecfd2ac5da9d7cc9","sha256":"c7f8e5ce869a6c84ba8f8a97daf898e96586e01c10020e8345d709f6fa8fb234","sha512":"4fbfde24f90b81bce94215b2e525b2955767279d5de22e89bf30180787e5f018d964db050dd82e21cb5a02f17d1d33e11276b134b5e7f650362fd5299cfe2e79","ssdeep":"384:KYFTkndtxlBEW9eDs/CFaFIRTMXA9qwC2UQjGFhy8dTxzjMuRH5:VFwbnCFaFIRTMXAw2U7","tlshash":"2b6266902aeed1974503f935f4153dc4662f59be780bb621d7f18da0bab34b04238776","first_seen":"2025-10-22T19:35:41.578922Z","last_seen":"2025-10-30T06:32:37.244591Z","times_seen":18,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/ru/dictionary_a3597c189e236d2e02ebdaa389e5e0ad.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_game/ru/dictionary_a3597c189e236d2e02ebdaa389e5e0ad.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-5d8d36afcc9bfeac082192180a8f98d5-5e06926c9d504242-01\r\nlast-modified: Wed, 01 Oct 2025 14:12:02 GMT\r\netag: W/\"53dac9dc09fbf88646427d26107ec4c2\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Wed, 01 Oct 2025 15:55:02 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2648\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:31:34+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31853,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ca2d671864efcf2cc3235bdf5cc0a5af","sha1":"59461c40338bde7c624305f971f14caafa81ed6d","sha256":"150fc3773acf35c94b1c78e14361d7d60b308fb7730aefdade6d92e7a8fcb3cb","sha512":"0ee7bb837fa5f97407b4311e646640e6dfe04374f41dc058774a54f55760b3e414b7e06ec8f6deab53723c3f086e41135c8efa2669b5784c9e201f84bc8ab501","ssdeep":"768:mZbVjt0tR0sweCtBjyDuEQXiRga3lOpcrqPHS9Zh8j:CRYHCtBHXiRlaHS58j","tlshash":"39e2ad10245dd8da81b6e57af8557bcb3be888bf2f571242ec78282d1de23a4512f50f","first_seen":"2025-10-01T17:11:53.875161Z","last_seen":"2025-11-20T21:03:38.905655Z","times_seen":80,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/ru/dictionary_3ef934f389ad7be17d23d94ab9342bd3.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_auth/ru/dictionary_3ef934f389ad7be17d23d94ab9342bd3.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-fa6ddbfd797fe5d0994ab307e372477b-c3126593b9c6fd12-01\r\nlast-modified: Mon, 29 Sep 2025 14:10:03 GMT\r\netag: W/\"9c0905fc76a6a88767ef4e24bc20c13d\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Mon, 29 Sep 2025 15:34:35 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2313\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:37:09+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13150,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d7955455a95304f7f41ca158bc0fa945","sha1":"9f99f841d3110b3ae0948effc1fd84271c7a0db9","sha256":"f14390b1d601bfc9ecca3864192ee97817c8d4de69cc6b8a0a328d0efe117486","sha512":"53bc9b2299cb418497f84a1596362b5d158d41115209ca1595a69ec3c9e4ede1e17cdce0fcc63d6a4513c88e3dec677f83502aab33dd7770d6796d74578bf91d","ssdeep":"192:sVFAjdWK9dus9hEsKDFm+vf8JfGPbGy58gBZQpspMg0CPpnjDGd7wldgjL9g6O89:WAluKisKyJfPgB7pMg0ejaRwldgvJw4","tlshash":"2552ef1151b918c98b4be01bfc04ae093feac9fd6eae0b551cf8da7f25e2190c16d719","first_seen":"2025-09-29T16:52:59.798661Z","last_seen":"2025-11-11T14:18:19.856116Z","times_seen":78,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 5202\r\ntraceparent: 00-bad63d698a01f706776d4d9dfe0b28ff-b993691493875bba-01\r\nlast-modified: Wed, 26 Jun 2024 08:22:59 GMT\r\netag: \"b9a636eef54b2844b571fe7de49184a7\"\r\nexpires: Tue, 07 Oct 2025 21:12:04 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1039\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:58:23+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5202,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 514 x 514, 8-bit colormap, non-interlaced","md5":"b9a636eef54b2844b571fe7de49184a7","sha1":"bf653690790ced40eb3189da075a275d951d1607","sha256":"001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743","sha512":"7b288a27a69c91697042ebb6f80f48cf25e0c6260620ee8f4b0e7afa75430b95c394c3f284445e0628b347341b89480e2e7098510bc07f4db43ecc46d893c38f","ssdeep":"96:561aQaPXOi0Ui/+kgrJtv72TgGuDG9JAsXgQrjQ:470T0PEnv7Sgc9vPQ","tlshash":"56b19e22d46fe4a53230c81b67c1820a1df839c6e72c29d0e8ed4db5e2c8b7f84883c4","first_seen":"2023-11-17T17:46:27Z","last_seen":"2026-01-13T06:38:33.673472Z","times_seen":5260,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_FCX6UWBT.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_vue_deps_FCX6UWBT.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-964385215fe7f9826ee0e3105103d198-698630df862a8928-01\r\nlast-modified: Fri, 24 Oct 2025 07:32:18 GMT\r\netag: W/\"588b298e9096c73f4d84f2961d4378ba\"\r\nx-amz-meta-mtime: 1761291098.796946219\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 08:28:49 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 49280\r\ncache: HIT\r\nx-cached-since: 2025-10-24T08:34:22+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31184,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31044)","md5":"588b298e9096c73f4d84f2961d4378ba","sha1":"568c0ac4c8540c21caf445d8490348a9929143da","sha256":"cc5353d60fc3bbcefb808e19d05925ab3fb0cff09092317813265725e95fa808","sha512":"a093cd11cb064df4b612ee5ee7128b352a1bfd951eaaa68553cf0aba097e9561774ecca5d78f3e0b6dbea18d21bade34a0d18426d66e0b37f9f67a439d7d3051","ssdeep":"768:lwZ1yyQBOuHJ3aUiJJUfns+/C8vsqJlm8qgqYHg7FD0v341KE:lwWBOuHJqUiJJUfns+/0qJlmbgqYHg7H","tlshash":"65e25cd8b779bca2335e908c90370323b37559e7484d9020f7e65e9235a5a0282e7f7e","first_seen":"2025-10-09T09:08:10.597929Z","last_seen":"2025-10-30T11:27:15.273914Z","times_seen":1015,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/efc2f007b9.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/efc2f007b9.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-631349ab7616ccae789ae99605eb7083-583893859ec12fd0-01\r\nlast-modified: Fri, 24 Oct 2025 11:28:02 GMT\r\netag: W/\"dfea5f2f27a58d82f748a20d67226ea3\"\r\nx-amz-meta-mtime: 1761305221.382615688\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 11:35:20 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 38369\r\ncache: HIT\r\nx-cached-since: 2025-10-24T11:36:13+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3094,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2774)","md5":"dfea5f2f27a58d82f748a20d67226ea3","sha1":"133e070cd3213ff29a5e3a7f37f64226d1d2d558","sha256":"d0e32171c154a9c0bf1c23020f4c48f07280cfd2c46b3a186a7e2d83582e53db","sha512":"d765db34c11e70b4f4c0439472159ff2002d076623bc54513823fd0e4d8cde929e2992daf6658b967f41f4753cb34628333f3485da7c48208dd1d0a5d70ad5ff","ssdeep":"","tlshash":"5451d8dd26f534b43d1d4e69e81a3471c728284b36bde8f0e6bd5f60032065ce2a5b86","first_seen":"2025-10-24T11:37:35.772529Z","last_seen":"2025-10-30T09:36:52.144554Z","times_seen":257,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:52.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:52 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-62ca2c3c531a0ae2ebb0360e132dcec1-7fe0867bc1e32bcf-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1818\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:45:34+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-05-22T14:56:24.389605Z","times_seen":10609,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/plugins.vue-notification-45036fae.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/vendors/plugins.vue-notification-45036fae.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-518a06c60efee0220bd94b77e79e1dea-4997077c63d56586-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"68c44cb604f3869c637a35ed2c344acc\"\r\nx-amz-meta-mtime: 1761216277.358342571\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:03 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:58+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12563,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (12563), with no line terminators","md5":"68c44cb604f3869c637a35ed2c344acc","sha1":"3c4ac5ca9779efcf5f50dfe8b3a8c9a9d3bc9b1a","sha256":"9b7e131059289da49f11abea6b13603a870782d7378c4fd8eb1b4b53ecbef7b7","sha512":"9d84e02a3e3304288252e8186c9202fbe8644fae11deb9ce000caf9ad096db75133a62ab0064b929c7ccdba968c9fbcea7b0cf6753d720e06f20eb07be2abdbb","ssdeep":"192:hU1hQXHv3CbfKpqEVwhSIkrReP+SdHtfGA2D3ow5EE9bJ52bFZLy2mp4ilVj:hn3CmpcDkAP+S/fGAWf5VbWbLy2mmijj","tlshash":"634296ceb2c2b4650be760b6402f110af136a96869ab54d4f3b1d4f2adb564c413bf39","first_seen":"2025-10-22T11:25:36.138391Z","last_seen":"2025-10-30T11:27:15.288986Z","times_seen":376,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/Page.Block-5850c141.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/Page.Block-5850c141.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 475\r\ntraceparent: 00-0df83c71b93435cbe0e84b7d2ebb18a5-d336d66fd0c6ebca-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:37 GMT\r\netag: \"87870fd4c5d3d7b49b0844613e2dcc2b\"\r\nx-amz-meta-mtime: 1761216277.326342469\r\nexpires: Fri, 24 Oct 2025 10:56:40 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:57+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":475,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (475), with no line terminators","md5":"87870fd4c5d3d7b49b0844613e2dcc2b","sha1":"0118f40cfe763452f3920a15dd15d4b4d55395cd","sha256":"11d8da81797427e7b20bd4981caeb142c0a2e5868182d00eb21e45501fbeb96a","sha512":"5a55df8f6931ab46c7149b0739513069eb700659675bf7400856349d809d7fdd16a5283b3684dc9346927d6cb5c829c93ba34e4d21eec8a93994ebba4c116ed0","ssdeep":"","tlshash":"cbf00e9b6862fc8e94e600c743b681f7b48c797a0649682002a0c8b132b6816081128f","first_seen":"2025-10-22T11:25:36.107748Z","last_seen":"2025-10-30T11:27:15.246174Z","times_seen":359,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/app-27bf5ff5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/app-27bf5ff5.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-66b726266ee5d7a5735a38304f6b5bda-6b00427c3829e698-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:37 GMT\r\netag: W/\"037c03a031557d6e3092efaec5970895\"\r\nx-amz-meta-mtime: 1761216277.329342479\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:02 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":456237,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"037c03a031557d6e3092efaec5970895","sha1":"69923bb517630366e25d437bdeaa3adca4a4cf65","sha256":"b445fb0fe8eee46aa91eb902d6429dee71c93ad91ef8935260e39a9e2bceb188","sha512":"93b1e12712305998b8566f9f163673159d4846440b95f5fe28ba5926b8646ca03d12aee12fc7fddbfddbbf221f0e4ed4f767c0038924fd4dab983a7ee31a9808","ssdeep":"6144:+LeT/eQ+NaCwYx9lyQeZKDr+mpZ3DnsLljKmHEKzbvqvtoST/i8LgivMNIdamD9W:1/eDXDZBK4NThDLZTXg+tk","tlshash":"71a44c65b5c8f4ca02e34bdae03a1061e33916b9780dd064f778fdca359bc05926a67f","first_seen":"2025-10-23T12:23:23.487308Z","last_seen":"2025-10-27T08:52:17.996832Z","times_seen":190,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-2336/desktop/media_asset/582b45263a6ee1ad8f9a8385d2b3228e.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-2336/desktop/media_asset/582b45263a6ee1ad8f9a8385d2b3228e.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 182\r\ntraceparent: 00-15f354e6b7c12a156501ca949de1681c-947a785f6fdf0ba2-01\r\nlast-modified: Tue, 17 Jun 2025 07:09:20 GMT\r\netag: \"0a64a07e9a34e8a5b5e97e80a10888c5\"\r\nexpires: Fri, 26 Sep 2025 15:24:37 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":182,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0a64a07e9a34e8a5b5e97e80a10888c5","sha1":"82545cbc39b7dcc031dd10dea841a0b3698243d6","sha256":"7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c","sha512":"fd619b94af18c7082a4f18556f1443081c8dc650b263c49c56f2514184d4f62e253ad87a220baa9396d7a06bc9ec3cc8ec75eee829a6c1016c4a3af2c1afa5ae","ssdeep":"","tlshash":"f0c02220e5f88823012b68bc80eaa55417504b2339021c20374c0a884b6162400149b8","first_seen":"2025-02-27T19:55:38.982186Z","last_seen":"2026-03-31T06:06:31.551304Z","times_seen":4136,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nContent-Type: application/json\r\nX-Lang: ru\r\nX-Uuid: c4b553aa-8db0-423c-8230-b37ad55e6de7\r\nContent-Length: 98\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 2336\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.155, wf-uht;dur=0.012\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"11d8dee5c9a40383d3cbef305380faf7","sha1":"7db7437dec66ec058b3fca3facef7c50b84aeb51","sha256":"3f7d614e305ee1c4dfeca22aa2a771bccb54fc421ef288f971ed33f988b4e2b9","sha512":"06c68991d83a9842804b3e840d593664769b6b6d373c8327e8fe8717ebdcb1eaf1b6e99e6813c1945ff13738d70ca7b62d50bf6d5ff934939f0ba023b87499ef","ssdeep":"","tlshash":"4b70008820000000080008022b28080c0a2088828002002b0c80a0200a00cb008ca083","first_seen":"2025-10-24T22:16:15.662599Z","last_seen":"2025-10-24T22:16:15.662599Z","times_seen":1,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7ae00eec92.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7ae00eec92.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 614\r\ntraceparent: 00-161ecb081af06aa532cdab26504e8610-024995366694bad3-01\r\nlast-modified: Fri, 24 Oct 2025 11:28:02 GMT\r\netag: \"3bb7acaea112b0e164d54b6388a06eba\"\r\nx-amz-meta-mtime: 1761305221.381615606\r\nexpires: Sat, 25 Oct 2025 11:35:20 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 38369\r\ncache: HIT\r\nx-cached-since: 2025-10-24T11:36:13+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":614,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (613)","md5":"3bb7acaea112b0e164d54b6388a06eba","sha1":"b2b570ba1378ba53741432fc2993c82a9c9fcffb","sha256":"b431ecaa38077381d02738964d2b81f25e8e3c4eea1814750a6edbe1ec93dbe3","sha512":"bebfd7215f3f2bad108a832d9eb62a0a92a3853493fd8da33535fae143e99b2d8acdd1a18e6b7b135e31aa4f3760155e2f85a7329a8c33b7814cc40fa72153df","ssdeep":"","tlshash":"caf002be9d339160610248995d1eb422c2883d6b0b6a75f482f80953a3420939a035d7","first_seen":"2025-10-24T11:37:35.738569Z","last_seen":"2025-10-30T09:36:52.067404Z","times_seen":257,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/90111b00dd.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:43.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/90111b00dd.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:43 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 740\r\ntraceparent: 00-862d8225792fe8115c200701fa7db034-25fdccfff1b0ded9-01\r\nlast-modified: Fri, 24 Oct 2025 10:53:58 GMT\r\netag: \"84a8528e292464b10131ec54939f23f1\"\r\nx-amz-meta-mtime: 1761303186.486828903\r\nexpires: Sat, 25 Oct 2025 10:58:34 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40302\r\ncache: HIT\r\nx-cached-since: 2025-10-24T11:04:01+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":740,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (737)","md5":"84a8528e292464b10131ec54939f23f1","sha1":"cf4628df1e287f1547728a2a6df857461daefa44","sha256":"e24721f05baf6d0744e5095f292c9040c5ee5dbc7ee4b4c7ac86aa2cf3c950dd","sha512":"2d58a3879b2eeaa9311aa20a931af6cfef7951f02894e1c533d6795bd6ccb7534281fd94744326d160f5bcdd126f04b520bdf9f959b37ea61d96e7263cb8fa51","ssdeep":"","tlshash":"fa01106930b69188a5eb49cabd24107a97381a023b1b5ce5f7dd86b3405a18259ab886","first_seen":"2025-10-24T11:33:34.501491Z","last_seen":"2025-10-30T11:27:15.287335Z","times_seen":261,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c858d505c1.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:43.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c858d505c1.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:43 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-de62ccc8b151a114380604d449e681d4-a15686569d4ade08-01\r\nlast-modified: Fri, 24 Oct 2025 11:28:02 GMT\r\netag: W/\"91bc7dfc66a8d3f9c4841546142da182\"\r\nx-amz-meta-mtime: 1761305221.382615688\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 11:35:20 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 38370\r\ncache: HIT\r\nx-cached-since: 2025-10-24T11:36:13+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1973,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1972)","md5":"91bc7dfc66a8d3f9c4841546142da182","sha1":"0ec235cb21b420b16d6ea8f22b390aa2bb7f182e","sha256":"fbdd2031f618da40a4582a3d649e9c65d68bacd2c38056580d8f6cf641a66182","sha512":"054cd172236bca38f6395b5d58afed1942f0365b09a8452936af9ebf910a3e6bfb3890290eb5c5338120841dc84dd1b24f39d79b16553d4bbdecb0cdbeafca1d","ssdeep":"","tlshash":"7341c895b2b031f3f677515dac0660f1c3083a9d132e10e8eae9484e220c9c32767793","first_seen":"2025-10-24T11:37:35.753558Z","last_seen":"2025-10-30T09:36:52.119539Z","times_seen":257,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/css/53e7fb75.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/css/53e7fb75.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-a25fa809194de7b41fcfd3bea7f3ed3f-2b495e0fb6ec56c3-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"fbe01578f4eadfd03dd55f5949b128f6\"\r\nx-amz-meta-mtime: 1761216277.349342543\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:01 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40665\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:56+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40644,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (40644), with no line terminators","md5":"fbe01578f4eadfd03dd55f5949b128f6","sha1":"f369e7b4ca2ae2f675e73208ee7100d5f19de5cb","sha256":"302eb724d7d17baffee3f3514184b74bf22be13f5cbf402f4c8bf15c093d36be","sha512":"6c847b82d5134541e2f318c54773b2b16663f81b6def3b75ac3b8c0c90ca301acc9c9b1c6ee15a05161cda70fc0bb4af7ac4f128d80f28ce3916727865ce3bd6","ssdeep":"768:SnraFC/9ApQze5i/aWVXuNVuvLh0TEAhZMsPXQzX8:erYC/9ApQzOi/aWM","tlshash":"d603005dfca8d1760d27f521a288be3c01b0f42ade314d96f90e57a518c3f9b15e0ea9","first_seen":"2025-10-22T11:25:36.358985Z","last_seen":"2025-11-04T09:38:15.961283Z","times_seen":506,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":59,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/app-deeda7ce.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/vendors/app-deeda7ce.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-6f7268990de643d30ebf7569c28c1d50-27f18a32d9326230-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"d79cb00e8f0dc0b0b950399c32c05ce4\"\r\nx-amz-meta-mtime: 1761216277.356342565\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:02 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":962766,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64585)","md5":"d79cb00e8f0dc0b0b950399c32c05ce4","sha1":"a918e4ca86d9bc860d0296b1878834935517a4da","sha256":"67e24942bf1605b1847fddea708bf7dbcbb45ff047c460e3ce68a09e07474c66","sha512":"3a580dc57c9e2fff29cbaf8119ec1433933d821b81c9708aec647213fa99f68e6bd09560fa13420cbe4b31b691916e9909354d9743c9b971d780e7a16bc8f84c","ssdeep":"12288:wdQX/yYLlWkWpdY4g1KkrOIC+uqezYCr410eNSD:vX/yYRWkWpdY4g1Kcgxq/w41hNSD","tlshash":"f9254c69b981f2560aa36ae9c06b0057e33d6f1ebc0cd454f2e7cdd5395a804713ab2f","first_seen":"2025-10-22T11:25:36.520281Z","last_seen":"2025-10-30T11:27:15.26952Z","times_seen":376,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/plugins.v-tooltip-2996912f.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/vendors/plugins.v-tooltip-2996912f.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-3024fe6c31aae292e928b5f9aeb85a1d-9fc903cefadf93b5-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"6af90906031ea683190fd38d310a3648\"\r\nx-amz-meta-mtime: 1761216277.358342571\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:03 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:58+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76773,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65476)","md5":"6af90906031ea683190fd38d310a3648","sha1":"50b8a3a3357c8096325101aab8aaa8b242254249","sha256":"0f66e1a32a0f80579566b634c250fea0b793da9bcd99183be13569c7057846f3","sha512":"6268b55b199198af5668c9ef18d22938a4d1a8e65eff5a10bc2df050d3737bd43d6844fe913c7c281f1b3f2ece364dc4af96781cf22eb3baeca0d10dcc1a3c0d","ssdeep":"768:qlVnNgyCt/gswmmWMZI+7tSCUC8Lk7t8R6zk+BaNfSby/Qw/HLg57bh0PGBwrWdD:qlRN9ClgOmTPRSCv1MHHWdRfm5S5v","tlshash":"c473c78e7394f0b203e7b175413f620fb2776558a40ae014b2b1e5d4ac3da5aa277e3d","first_seen":"2025-10-22T11:25:36.527003Z","last_seen":"2025-10-30T11:27:15.25622Z","times_seen":376,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-90f76a81075454bbb51e8aed528da43f-ae672909727cea35-01\r\nlast-modified: Fri, 24 Oct 2025 11:14:22 GMT\r\netag: W/\"bea5b052c307601192270938523fa030\"\r\nx-amz-meta-mtime: 1761304430.912568354\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 11:28:40 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 38822\r\ncache: HIT\r\nx-cached-since: 2025-10-24T11:28:40+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21252,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21232)","md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7e5828ba4b.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:43.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7e5828ba4b.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:43 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-b79158d99a13e828ae8028aeef26a2c8-171ce912349f852f-01\r\nlast-modified: Fri, 24 Oct 2025 11:28:02 GMT\r\netag: W/\"daaf9e2546cee89bd1b6b8660876f6fe\"\r\nx-amz-meta-mtime: 1761305221.382615688\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 11:35:20 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 38370\r\ncache: HIT\r\nx-cached-since: 2025-10-24T11:36:13+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3201,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3200)","md5":"daaf9e2546cee89bd1b6b8660876f6fe","sha1":"be945af3a9bc57ee1a537428025e845bea37404c","sha256":"49c7e0b379f3853409f41ecd88c9dd4fc43e3363e7159f71ddab88dc08a80c0a","sha512":"263ed54a269f8cbcd9c81fea21a2aa303dbeaf1d85e208019ebb44d77ef038fb6c31dcdcafc7a50702a02fe2b98e6bb02613b0a92ede8ab67a110c408088f1ea","ssdeep":"","tlshash":"cb61b78178b6a0fa7917418d3d5270b0e34f1d79575816b1f2f5888823ee2845b2e6eb","first_seen":"2025-10-24T11:37:35.821168Z","last_seen":"2025-10-30T09:36:52.07472Z","times_seen":257,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/hd-api/external/019a184a-dc14-7ee4-91a7-ad22a5b8e672.js","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:50.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /hd-api/external/019a184a-dc14-7ee4-91a7-ad22a5b8e672.js HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877; SESSION=790c2f3ee09ba8ab582d92c5f2571852\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:50 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 101389\r\ncache-control: private, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-dt: 2336\r\nx-hd-trace-id: jHIfaw9Ap6zrEVKpCQxhphLC9SRaZ8nuDOMc5V6ebQiyOYt7IB21h//lizUQjRdWT+mhXOf5SkwZzI+cDsPgSs3aJfWSpTrpKr21DWYw5R1n3xhaxfxg6Qh/S2yoPl9AnRTY1fyD8zbEBbdWElO4oGeFJ0TKqTLyMqI+M38QFatyi7AQ1VqQ3WsUr4lN0gTGdXU=\r\nx-request-guid: 128b05434884d55f1a7a9bb8d29d2331\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.126, wf-uht;dur=0.029\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":344771,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4e35362f521fe39e7c309be8f8af77c6","sha1":"18708e5f84bd24fab56b8ee472c3f69bf956dc60","sha256":"d7df9231c371f7460638d4fb77b6b1e9fc10b04813eda97e46f2bd298787bf2a","sha512":"214c3510eb501f7335679598bdc28eb105a7b9c61f8ddeddb2f0ad4ec9d75520dd57b2cc50820081892323385abc56d9bd28bacf3f706bccec47d4907c71247d","ssdeep":"3072:1b8+MPS9bd2uRzNngDTU/QKScvR00w5+xpuclD/cBWdXf0kebfT4CfPvD52we7zy:1FMP8bNncTU/QKShwxpB/dI9xHZ","tlshash":"2c742c892c61dd48eee51c2315f5ed9d94cb2d4f7a9cd268a603f3bcad9c63db060a01","first_seen":"2025-10-24T22:16:15.671424Z","last_seen":"2025-10-24T22:16:15.671424Z","times_seen":1,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":56,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:54.102Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nContent-Type: application/json\r\nX-Lang: ru\r\nX-Uuid: c4b553aa-8db0-423c-8230-b37ad55e6de7\r\nContent-Length: 109\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877; SESSION=790c2f3ee09ba8ab582d92c5f2571852\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:54 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 2336\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.088, wf-uht;dur=0.012\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3cc3772f8ce2fa50a611687be10fd466","sha1":"f135b48de6b760dc0e05b024234c9187373cfe6f","sha256":"e967c47938856d4e5c1497956086b3ee16380866e7931596ced57784c7daf059","sha512":"5c9633565bdfd697e64cb240ac7b0ee74d571b38ab54b2f3ad6f08a10f8b85fdb0ee94c3d25fdc5cd1245eef7771a7638dd42b8aee8f8834df84b6328291021f","ssdeep":"","tlshash":"2870008832803200008828030aaa2c8028208800800a80a3088028e20002fb2008a003","first_seen":"2025-10-24T22:16:15.673063Z","last_seen":"2025-10-24T22:16:15.673063Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_e9c881b43b.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_e9c881b43b.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-cea7f9e885984ba60856cddec8666869-57362a6bf41daa79-01\r\nlast-modified: Fri, 24 Oct 2025 07:32:21 GMT\r\netag: W/\"a4a18ae51843c635fcbd72697fef91f3\"\r\nx-amz-meta-mtime: 1761291098.774945316\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 09:06:16 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 47365\r\ncache: HIT\r\nx-cached-since: 2025-10-24T09:06:16+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3676,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3675)","md5":"a4a18ae51843c635fcbd72697fef91f3","sha1":"72ab3b809992b85801884e7e67e846e07d7bafa7","sha256":"6d218c3466eee591e86432b09f3536529b0542129e78c56f17967c33d8924eec","sha512":"2cff3445996c77b95bd2c165774b33cd1af1ab8407f0b582df9dc1a5195e27b977ae1b36094296376c6c181c4ed5249087148f196c7868ba7b2c2a2101cbe715","ssdeep":"","tlshash":"3c71639abcb4c1398933f812128c8e7d0671fdaad9251c8ef6dd872654c3a970190af9","first_seen":"2025-10-09T09:08:10.646635Z","last_seen":"2025-10-30T11:27:15.243146Z","times_seen":1015,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":68,"dns":16,"connect":8,"send":0,"wait":1,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-2336/desktop/media_asset/bc39045d9e011a7ee717124708e28e20.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-2336/desktop/media_asset/bc39045d9e011a7ee717124708e28e20.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-d60b8f04fece9039eab14deec66b53c4-d2aee254219972ae-01\r\nlast-modified: Fri, 01 Aug 2025 06:43:56 GMT\r\netag: W/\"b255cc6c6ca667c6f42f2d9ab151b21e\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 17 Oct 2025 14:35:32 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7481,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b255cc6c6ca667c6f42f2d9ab151b21e","sha1":"a0c241d3c2fa56d392cc204f2d386046a5273a9b","sha256":"9c347db4287a13bf6e86c34baa07bf255437a85566ba14a77199a753b73a400b","sha512":"62bb36631dfa4cd6790efcf39ff920a0b11741cd1b5ecd936ecce083090c0336cb216eb28f838e05e27fff2509a6b8724d0f6c61349da57506e6eca112c8a294","ssdeep":"48:TzABBABGkABjABFygABCN/ABCNYN8ABWHABaEABzzEFABIIX4ABBxSHsABYiwABp:lFbClXCL3cblP+XyLO5GIM","tlshash":"e7f11784fff04c33112f94ad98b37a89a7884f07a95a7d1c7f9d294c1f1451a04aadbe","first_seen":"2025-08-01T12:24:56.656253Z","last_seen":"2025-11-07T10:46:34.805118Z","times_seen":2150,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/seo-module-api/api/public/v1/analytics-counters?project[id]=2336\u0026domain[host]=1xlite-5227452.bar","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /seo-module-api/api/public/v1/analytics-counters?project[id]=2336\u0026domain[host]=1xlite-5227452.bar HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nx-app-n: v3-nuxt2\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1920\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 11\r\ncache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300\r\nx-content-digest: en35b8564af43c1302eac9a53676625934\r\nage: 458\r\nx-request-id: 8bfe908a384151b52f3032aaf66eef03\r\nx-request-guid: 8bfe908a384151b52f3032aaf66eef03\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: p;dur=1.2359619140625, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e0234245cb00aa260ccfa99a9a0b235e","sha1":"1050253aec7b29caff644806927dabfa81406eee","sha256":"8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0","sha512":"6947ea2242462d4b9ce1e0456b68f5a75f979c67fff32db35305a389a3f44fe708f2c25086c54dc8d6e8e8046fc4057b401fa5f123272dd29dae738d162cfcb5","ssdeep":"","tlshash":"485000003c003c000c0000ccc000c0c0000030000030003300c00000c3000303c00c30","first_seen":"2023-04-06T08:21:00Z","last_seen":"2026-05-23T00:16:27.976302Z","times_seen":7114,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_localforage_PJNUBKRP.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-11bf536042587e725edd9298e9209b37-141293ab10768762-01\r\nlast-modified: Fri, 24 Oct 2025 07:32:18 GMT\r\netag: W/\"7e7ebd44e3a6550f862e122ab7df6409\"\r\nx-amz-meta-mtime: 1761291098.796946219\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 09:39:28 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45374\r\ncache: HIT\r\nx-cached-since: 2025-10-24T09:39:28+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30277,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (30255)","md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:52.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:52 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-d107084d7573f76bbc6224920541ff55-bc2e3ce7037d7194-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1818\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:45:34+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-05-22T14:56:24.389605Z","times_seen":10609,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/colors/07cf27f4829a85fa0f8f250f95003b0f.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/site-admin/colors/07cf27f4829a85fa0f8f250f95003b0f.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css\r\ntraceparent: 00-1a5157323abdcf618544de6cf0934c50-750eb4dd4548929d-01\r\nlast-modified: Mon, 20 Oct 2025 07:25:48 GMT\r\netag: W/\"07cf27f4829a85fa0f8f250f95003b0f\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 09:25:19 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 274\r\ncache: HIT\r\nx-cached-since: 2025-10-24T22:11:07+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40978,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (40978), with no line terminators","md5":"07cf27f4829a85fa0f8f250f95003b0f","sha1":"2dea057c3bafcf85a0ea75b5e3289517d5d66d6c","sha256":"dc072e5636eb8c2897cf992d3e688c57856517393f38e9f0df5e913f64a53a4b","sha512":"3dd26f5e84f416ea229cb9a8d4933280581056dbd91fd0e71d0510a8647d0633b5d29a49262af7ab3de7ea82a8461a24784c2b9f350cffb1a3bfe85545b30ce9","ssdeep":"384:+EO1mFSK75xWt5JkyunibMhS4EeIIc+7rpeN:+EO1mFSK75xWt5JkyunibMhS4pIypeN","tlshash":"88037b7ded91c1712a591931911c677b3d36e9ceae240f8fd02c63e670c1b022be5a7a","first_seen":"2025-10-01T08:34:29.157739Z","last_seen":"2025-10-30T12:45:26.171228Z","times_seen":1005,"resource_available":false,"data":null}},"time_used":465,"timings":{"blocked":226,"dns":19,"connect":1,"send":0,"wait":1,"receive":0,"ssl":215},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-ui/2.3.456/Desktop/Default/client.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-ui/2.3.456/Desktop/Default/client.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-9a9e7421716dacbc4d72e86046e3b0a5-b09bf782aba11378-01\r\nlast-modified: Tue, 14 Oct 2025 15:29:49 GMT\r\netag: W/\"e566a837e2a0652ecf4273e4d56b5860\"\r\nx-amz-meta-mtime: 1760455786.881927256\r\ncontent-encoding: gzip\r\nexpires: Fri, 17 Oct 2025 20:11:41 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 7383\r\ncache: HIT\r\nx-cached-since: 2025-10-24T20:12:38+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":617663,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e566a837e2a0652ecf4273e4d56b5860","sha1":"02b5de2a655bf578ea0c14eaedb36d5d25f971b4","sha256":"e2d34097731fe3476bfd2a643322142ea4d4629fb79107af1d0f6d3e8a8f61f2","sha512":"6545a7944637bbc6a3899303e7e493ba8e41f9f9a329364e696be66e6f28a6ca40112aa8746fd681e0dd144ee0c47271a45db9d85629a12060840e760a41a7f5","ssdeep":"6144:sQTPSTqiH7I7hiDONDN3aBnesPIotova5Uz1KfN6SLe/p739DuZtDD/q90LgrV18:mTqDJqeIege/p739DuZR/q90LaMd","tlshash":"42d4841cf29e91353e37e62162844ffc2630b7579a221c7ff49a019a0ec355371a6dab","first_seen":"2025-10-15T10:41:17.437287Z","last_seen":"2025-11-06T09:27:22.271601Z","times_seen":912,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":63,"dns":17,"connect":6,"send":0,"wait":1,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-36cf6dc988e074b4339d887acdd37fe3-78f25cf2eeb18aec-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1807\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:45:34+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-05-22T14:56:24.389605Z","times_seen":10609,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/Betting.Core-adab9a69.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/Betting.Core-adab9a69.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-6d5b0b537040cb5905815aa18506433c-164d52de1f4827f0-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:37 GMT\r\netag: W/\"cc039f30eda61cf5ac607428dea6b65c\"\r\nx-amz-meta-mtime: 1761216277.325342466\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:04 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:58+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1963,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1963), with no line terminators","md5":"cc039f30eda61cf5ac607428dea6b65c","sha1":"0a5174196436ab9199d223b191e7c6581cfefd8f","sha256":"36dd8523aa00bc38c50b3dedd6577cf2715d26445ea1f5f838b5623c20a906c5","sha512":"b14b9db521ec1b243cd13973d1bee1d4d2351fade2c76c7721e2032555ee3f0283ce9fb1bcfc115fdc6e37260ecf5b883acc0111364fb65a7e35ab9120186208","ssdeep":"","tlshash":"4041a58535d33c48433d50dd80fb29e6f0b86fa9290d01acb482a9d47028a96c1f7ec6","first_seen":"2025-10-23T12:23:23.406606Z","last_seen":"2025-10-27T08:52:17.907499Z","times_seen":190,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-3b61338697.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-3b61338697.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-861b2f68a4447b8d677051baf25ae59f-65ce111715d6f6e4-01\r\nlast-modified: Fri, 24 Oct 2025 11:28:02 GMT\r\netag: W/\"da3b79df39ccb8109cd7a8141ff7a204\"\r\nx-amz-meta-mtime: 1761305221.38361577\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 11:35:18 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 38370\r\ncache: HIT\r\nx-cached-since: 2025-10-24T11:36:12+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23752,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (23207)","md5":"da3b79df39ccb8109cd7a8141ff7a204","sha1":"0d69fc9baff1645e2052ee2f03a751dbc41f47db","sha256":"939aa889b4f1cde738cbc00a11440df10410763c17437dc90eaab09cf2f93e6e","sha512":"073e637c591f2aa203eb282f10ed31ba027f691ed6a861b28d71074ffe6d90d239b90e96c33ff5d17e0250efe1dcd0b11d33219622071f43df67079bcf6399fb","ssdeep":"384:H1GgN7ay1ZxtPlaMr+WT3Cj5lWg5KKAqYndKolTxolw8Oi2EeLcl+96VWBHDCid/:H1rV1tP8ZWT3Cj5lWyPAvdKolTxolUca","tlshash":"ebb25f742597b0b625da9a582779bc83d3c80f6fac9bfde2508a48e613d304880567f7","first_seen":"2025-10-24T11:37:35.809263Z","last_seen":"2025-10-30T09:36:52.057597Z","times_seen":257,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 865\r\ntraceparent: 00-320baa78763c838bda3435b0991e215f-87252d7c68d863de-01\r\nlast-modified: Thu, 23 Oct 2025 15:42:33 GMT\r\netag: \"00e44cad05af09626c2b10aeee7de5a3\"\r\nx-amz-meta-mtime: 1761234139.979354078\r\nexpires: Sat, 25 Oct 2025 05:33:20 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 60142\r\ncache: HIT\r\nx-cached-since: 2025-10-24T05:33:20+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":865,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (840)","md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-51d0236113a793d3caaf106ff6d192ec-9ef5138e51dfc004-01\r\nlast-modified: Fri, 24 Oct 2025 09:21:25 GMT\r\netag: W/\"83e311eb8e222d229b6177bd007ce9eb\"\r\nx-amz-meta-mtime: 1761297610.896227862\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 09:37:11 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45511\r\ncache: HIT\r\nx-cached-since: 2025-10-24T09:37:11+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1297,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1265)","md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/captcha-api/assets/hunt-captcha.js","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:50.518Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /captcha-api/assets/hunt-captcha.js HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877; SESSION=790c2f3ee09ba8ab582d92c5f2571852\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:50 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 23896\r\ncache-control: public, max-age=300\r\ncontent-encoding: gzip\r\netag: cba2651ff1e385e279562870b3bf56bf\r\nvary: Accept-Encoding\r\nx-dt: 2337\r\nx-request-id: 651a7ab54dffaaa7f6a77255fc4df408\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.015, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92169,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cba2651ff1e385e279562870b3bf56bf","sha1":"09af5671d23bff53cf397c7806c42fe1b7c66806","sha256":"5075031bef3fecc2e9c89ac66401d242ac89509cf7aaaa00d96db76387509304","sha512":"3dfc131f8cce25216de7b625356f5a764f6dd802b7e888b2e10bc66a284f28850d15b97741c2eb62baaf43d83f49eacd047c3498e21a90e01b678fa24d7aa13b","ssdeep":"768:daGT7sGxU+wMtyfKb5wYdhiz2bJgGXx+hc4GfMIIV1w50hmBGKSIgjGiG0IUwXiN:dvKwHdhI11Uu5nTJ","tlshash":"2a93dfe02c98a058374b561b5fbb3ce0f40c429d7fb93426b7249592f46dbbae685334","first_seen":"2025-10-24T09:34:05.157088Z","last_seen":"2025-11-04T12:50:30.048842Z","times_seen":500,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 69\r\ntraceparent: 00-9f7b68a7c3c5cdb1437367b2a142da85-3699e9da920225bc-01\r\nlast-modified: Wed, 15 Oct 2025 07:28:08 GMT\r\netag: \"2cdaa92927f02e0b628f1ef4d7dd8caf\"\r\nx-amz-meta-mtime: 1760513214.065966522\r\nexpires: Thu, 16 Oct 2025 22:59:01 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 81483\r\ncache: HIT\r\nx-cached-since: 2025-10-23T23:37:39+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/ru/block","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T22:15:40.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /ru/block HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 203 Non Authoritative\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 240990\r\naccept-ranges: none\r\nserver-timing: dt_total;dur=0.004, total;dur=90;desc=\"Nuxt Server Time\"\r\nset-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; Path=/; HttpOnly\nlng=ru; Path=/\ncookies_agree_type=3; Path=/\ntzo=2; Path=/\nis12h=0; Path=/\r\nx-dt: 2336\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"203","status_text":"Non Authoritative","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]}],"data":{"size":240990,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (40263)","md5":"c84eb4b449a523691abb24f6c5d5f6ce","sha1":"8af2b81c3083f1115425fdde9e7fdd40e3585388","sha256":"eebe1f45ab1c8ca5656e8dfb11340d519496e0b39c416cb9d93cfb8b620fffca","sha512":"d525815a8442f747105d363df538bca70fa492065bc09d76a6f7d8c0855a674c438130dcc87a45d8a08e3dafa6890137a306330795bfc2b7c0754ba4dfdf81ab","ssdeep":"3072:Onr5E62KHN00Y0zXV+pQTND0YWwHR/98FEDE+G5u7yF:eE1gl7T8kDllmF","tlshash":"cd34c52fa50c1d3e952b1eb9c54f7d4e6b7c5e2b24cb2901dcae6e6910e3290456383f","first_seen":"2025-10-24T22:16:15.681554Z","last_seen":"2025-10-24T22:16:15.681554Z","times_seen":1,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":209,"receive":94,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/ru/dictionary_ad16b7ccecd7a2471d9e2ffa651ca5d4.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_main/ru/dictionary_ad16b7ccecd7a2471d9e2ffa651ca5d4.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-5d495f21e7f866f4cf0878b5efb2788f-017f62823f28a8b5-01\r\nlast-modified: Fri, 24 Oct 2025 14:11:46 GMT\r\netag: W/\"bb5add4672f7b32fae0d5af745c7c959\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 15:29:29 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2173\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:39:29+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":194624,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (46884), with no line terminators","md5":"b8e2d6c1dba9f74233f3e113ca32f650","sha1":"f381c23cac5cb4aa4a11858e583df670f74082e5","sha256":"f6e22d363030eff488546fa6822bb929e72a51c5be2365e21e00ed0a20c5aaa8","sha512":"a878818df6a74d2e89bd8fbc8b1fa806d3d82421aecd96888d9954e6b21c6c00eccc87eab1fae4d65d863067526865445b4f4670fbcfdad00dc3e1a668960ebc","ssdeep":"6144:Sd1qcRs/81DznJK4Uycz0oFx5EN/IHcHLFwYsBoLM34pNbGGWN3xkistWH5v+2oZ:Sd1qcRs/813nJK4Uycz0oFx5EN/IHcHZ","tlshash":"60246211946c64ee127e646bf8047f852eb8c0fdafde861b05bc5b3e74d63d0813a25a","first_seen":"2025-10-24T17:40:13.318332Z","last_seen":"2025-10-27T00:31:44.627834Z","times_seen":11,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-2336/desktop/media_asset/9ad2cfe25d776b1c4c0bf29b2951bab0.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-2336/desktop/media_asset/9ad2cfe25d776b1c4c0bf29b2951bab0.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 747\r\ntraceparent: 00-26246f6510566ed15497b81026b064e3-b6df233b08241608-01\r\nlast-modified: Tue, 17 Jun 2025 07:09:23 GMT\r\netag: \"f4e90636ec9cff061c4301b3cefdd0d6\"\r\nexpires: Fri, 26 Sep 2025 17:15:59 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":747,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f4e90636ec9cff061c4301b3cefdd0d6","sha1":"c506efe9c3672c58434ea10021dab0ad81b1ad98","sha256":"30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea","sha512":"2db1a1a4419db47b4256906f9c660b85479bb83d2ab0757d1b1c24cdf94d97bdc4a7140d5d8ea31cbf612a77ba1ae6ef46bbd77eb42d24b6d83afebbc46c9216","ssdeep":"","tlshash":"2a012d94bde4083719374ca981a2595d63844b0398297c087adf3d4c5b2096d056e9be","first_seen":"2025-03-01T06:06:39.041672Z","last_seen":"2025-12-04T11:53:51.978889Z","times_seen":4943,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:52.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:52 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-eac876583ccbffa34e9a407b7d318ca9-e3d3e656bcfbca38-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2299\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:37:33+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-05-20T06:20:01.978819Z","times_seen":10461,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/main-static/70a3747b/check-ob.js","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /main-static/70a3747b/check-ob.js HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 219\r\nlast-modified: Thu, 23 Oct 2025 10:48:01 GMT\r\netag: \"c065700c9c8c493403359e1f2baa10d9\"\r\nx-amz-meta-mtime: 1761216481.203992555\r\nexpires: Sat, 25 Oct 2025 10:56:18 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: wf-uht;dur=\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":219,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"c065700c9c8c493403359e1f2baa10d9","sha1":"4630fe729e70bdf63fa7ba6c84ec277fd1f51030","sha256":"1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4","sha512":"b2e1c73cb94f5e3ceb35c3662bf4d72baf800a9a7c64318b1db07d50e9c885dbd94821ef3b3916d1b8b4fabb8f45cb588834b41c6a8a7f4d2c3e9c3866083ee7","ssdeep":"","tlshash":"96d0a79fb900211406939267d12f8668807724973f008182500597e069b8f4c4b37895","first_seen":"2024-07-17T14:33:52Z","last_seen":"2026-01-22T06:40:31.153166Z","times_seen":6298,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/commons/app-77afb36d.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/commons/app-77afb36d.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-63f8e8974d39cba3f1bb6906dc1372a2-cd7d1a928ea3a5b9-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"3b452bc2555689c178bbd0b9ea7ff320\"\r\nx-amz-meta-mtime: 1761216277.348342539\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:02 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":137774,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65468)","md5":"3b452bc2555689c178bbd0b9ea7ff320","sha1":"d8c59d35f6fed613263c4f019cd944e8167a49a8","sha256":"5dde54e7f93edc56d636daf42ec19feac48f812a52acf74f6239f854c38fa4db","sha512":"4233fa2aeabdeff32b4376afd3c072ab0fade756c9bd799bb3718d6719831436ecdb4b02211a0bc04b44e7d3a7f088e7d0e911e041c572e85b7224a3b006b675","ssdeep":"1536:XCrmhSG5YGf7BMr3y6MPC0UiXH2DHJjIAG3wvvjE+gjmZVBp+PWKq3Kwtp:KmjYGNMrmXHUp0qXjE+gjmZ4fwP","tlshash":"34d3d5dcf695b03117e721b5407f150bf23a7898680ac0a4f266e8d53db888ea167f7d","first_seen":"2025-10-22T11:25:36.257958Z","last_seen":"2025-11-06T09:03:00.003647Z","times_seen":545,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nContent-Type: application/json\r\nX-Lang: ru\r\nX-Uuid: c4b553aa-8db0-423c-8230-b37ad55e6de7\r\nContent-Length: 88\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 2336\r\nx-time-ng: 0.055\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.058, wf-uht;dur=0.065\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c685f0e7a6977680ace9a0b94ffec2dd","sha1":"5ec8a8ca70574bf469efab21c2ea68dd17527ce9","sha256":"c9d96899ac0551f60e12e90d17eccfac4dd09e45c63816c83d69c7b945a0afbf","sha512":"7ee463d2b63bdf1e5288e131ba3c653fc9411204606a612ac7e3792c906e91efa3bf94694906ff9c9d91149f130be386404bbe7e5c71039e350465ad5b4e3bd7","ssdeep":"","tlshash":"b8700038a0002000000008223a2a2e08082088208002002388882880000acb0088a082","first_seen":"2025-10-24T22:16:15.685336Z","last_seen":"2025-10-24T22:16:15.685336Z","times_seen":1,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_chunk_LNU73JEK.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-999d22f09e4d27d2d4d5a9c048016625-386c9c5b11b9f8c5-01\r\nlast-modified: Fri, 24 Oct 2025 07:32:18 GMT\r\netag: W/\"d96d317966512ab8915a90670ca5a5af\"\r\nx-amz-meta-mtime: 1761291098.795946178\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 09:38:08 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 45454\r\ncache: HIT\r\nx-cached-since: 2025-10-24T09:38:08+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1232,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1231)","md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-ui/3.3.466/Desktop/Default/merged.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-ui/3.3.466/Desktop/Default/merged.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-15739ff267fb6bdc3fddbc054275d778-58510d0a63b52628-01\r\nlast-modified: Fri, 24 Oct 2025 09:43:08 GMT\r\netag: W/\"1745604aaef118c01750d961715dffa4\"\r\nx-amz-meta-mtime: 1761298954.592448677\r\ncontent-encoding: gzip\r\nexpires: Sat, 25 Oct 2025 09:49:28 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 44773\r\ncache: HIT\r\nx-cached-since: 2025-10-24T09:49:28+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":756383,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"1745604aaef118c01750d961715dffa4","sha1":"deebbc7dbac4e3d64befd92f8267c01bd5929e18","sha256":"f7cfbffb85cd32047939a229829ebeafda0d8a48bc21a3fe9abb95d9783231e0","sha512":"17195fdc917f83c4255a00b16f2b3f3160ec1003251d243ec3a17ad8991e60b6e2ef03d6f35ed4136a13d0e1a8e0048d6a100d77d9d774544adf0613ec6fb978","ssdeep":"6144:q1qWZGVX4t4ePBJmj+coochfN3uOiv+qYfUacZT:yl9N5fUacZT","tlshash":"c8f4841cf19dd1343e37e62562849ffc6620b7079b231d6ef89a028a0ec355361a6db7","first_seen":"2025-10-24T10:11:15.319726Z","last_seen":"2025-10-27T11:05:31.610139Z","times_seen":181,"resource_available":false,"data":null}},"time_used":373,"timings":{"blocked":176,"dns":17,"connect":6,"send":0,"wait":7,"receive":0,"ssl":154},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-dd50914db3af0dbe5efe2da15ede5136-7ea50a62d8df7255-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2288\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:37:33+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-05-20T06:20:01.978819Z","times_seen":10461,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nContent-Type: application/json\r\nX-Lang: ru\r\nX-Uuid: c4b553aa-8db0-423c-8230-b37ad55e6de7\r\nContent-Length: 19\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nx-dt: 2336\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.084, wf-uht;dur=0.036\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-05-23T02:14:44.715952Z","times_seen":279231,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":64,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:43.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nContent-Type: application/json\r\nX-Lang: ru\r\nX-Uuid: c4b553aa-8db0-423c-8230-b37ad55e6de7\r\nContent-Length: 72\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:43 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 2336\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.046, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9c894114805334cd9b33a48bfc35ec77","sha1":"de0b18fd22e9d50564abac51240e4b53f1c398c6","sha256":"445b0e0cbfbb702f76388007a10cb2ccd5ec2643691cb18414e892a8580c8706","sha512":"39c1a72d1398bebd100cff57445d25ea1d1fb8ac06bc3ee9cf0979c2eea2d48383bd48ab3fc1e7bf471b9240c1d86ebad8ad88fcb54dba6fd2e62fa2b795192b","ssdeep":"","tlshash":"2070000030200800008008032a2aeaa2282888000828022388a030088008eb0208a00a","first_seen":"2025-10-24T22:16:15.702174Z","last_seen":"2025-10-24T22:16:15.702174Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1707728419/stub.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:52.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1707728419/stub.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 22:15:52 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 12 Feb 2024 09:50:42 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"65c9e9f2-186\"\r\nExpires: Fri, 07 Nov 2025 22:15:52 GMT\r\nCache-Control: max-age=1209600, public\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css\r\ncontent-length: 46\r\ntraceparent: 00-f8472d927d125d501c33cf05221d2f4a-6e76bc89cc04b137-01\r\nlast-modified: Thu, 20 Mar 2025 13:29:31 GMT\r\netag: \"29b5cda95fa390c124de39b6aeca6d24\"\r\ncache-control: max-age=3600\r\nexpires: Fri, 26 Sep 2025 20:51:22 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3525\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:16:56+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"29b5cda95fa390c124de39b6aeca6d24","sha1":"46f68f69533c1fdc737eb36e8e7af7672178e610","sha256":"6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88","sha512":"8a62d0b23596f91ed5dbd111fce75e940b4b6fe542716d9fad76d610eb9a90f67bad145f3dcfd977b5a7a6d414d66e94c0abcaf6cabce2310d94af56cdf0e13b","ssdeep":"","tlshash":"54900294a50c22502025c656109c48d0119412566621255851533451b4438405960188","first_seen":"2025-03-20T19:27:14.305804Z","last_seen":"2025-11-18T11:41:52.983768Z","times_seen":4852,"resource_available":false,"data":null}},"time_used":334,"timings":{"blocked":159,"dns":20,"connect":1,"send":0,"wait":1,"receive":0,"ssl":148},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-2336/desktop/media_asset/f907f875a776158f43c55fffc71c8b71.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-2336/desktop/media_asset/f907f875a776158f43c55fffc71c8b71.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-bf6c15d9dd1d0d537e54ea17e128321f-765e6f1baa95559e-01\r\nlast-modified: Wed, 22 Oct 2025 11:45:35 GMT\r\netag: W/\"9f115b25876ef266c517ff06d677ac61\"\r\ncontent-encoding: gzip\r\nexpires: Wed, 22 Oct 2025 14:04:09 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27173,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9f115b25876ef266c517ff06d677ac61","sha1":"891b26ec961869470e0fb66e3c5aef6c31fb1a3d","sha256":"74f6d6f7da2608ae74e3e9a7fd0eed78ca8f9cbf1eb56f24d6a39997606fdffb","sha512":"dbcc7b527501f33958f5d8fd1575756b2e8ffb091380df99ca685fe9f34e0178517917eef2757f21aa26f245bdf7a01564c9f7410eea4c1502a1c2f9bd80a208","ssdeep":"384:hrLr0fLPwUj+uZbC445IOhT9TYXw1LyaN1C1WjTZ5sogvlQrLg9sKHs:hvkD+yEgvarn","tlshash":"d8c23a85faf40c33202f90ae95f3ba0e93d85f479d0a6c14bfad2a4d2b54519016bd7e","first_seen":"2025-10-22T12:12:26.052513Z","last_seen":"2025-10-30T15:36:50.364764Z","times_seen":380,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/DC-cba0e7a9.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/DC-cba0e7a9.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-32b9fe4ee0e439e6211ac9b55134e9af-5eb5e5ec03d6e42f-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:37 GMT\r\netag: W/\"b3607f8a3163bf873f9e78f5aafe6d84\"\r\nx-amz-meta-mtime: 1761216277.325342466\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:02 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40663\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:59+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2201,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2201), with no line terminators","md5":"b3607f8a3163bf873f9e78f5aafe6d84","sha1":"8cbbda2c4412c7406881a2d54080cd635d26518b","sha256":"be3d191b639b2735af81796ef365d9e0617277f839c5aca12353dbf38dc8b924","sha512":"d121aea5699c6fd6e0da94a19ba50d7364f65b353d9191edc91394134111aa82204af08137118547cfdc5835d18595279d56e8d6d952d1d15a4e055deb8769cb","ssdeep":"","tlshash":"5241a40931a4fc11d7f90cd86dff72061027f076648dc9b4d3a32a8b08b7f6aa217916","first_seen":"2025-10-22T11:25:36.389372Z","last_seen":"2025-10-30T11:27:15.265061Z","times_seen":376,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-2336/desktop/media_asset/a497a774301714d70dd0aaddc77c076e.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:43.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-2336/desktop/media_asset/a497a774301714d70dd0aaddc77c076e.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:43 GMT\r\ncontent-type: application/json\r\ncontent-length: 241\r\ntraceparent: 00-3fcaf858dac76534069fe5ce74a8c3dd-374431656e16759c-01\r\nlast-modified: Tue, 17 Jun 2025 07:09:23 GMT\r\netag: \"39257fbb62736206d5245e08925d7b60\"\r\nexpires: Fri, 26 Sep 2025 17:16:00 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":241,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"39257fbb62736206d5245e08925d7b60","sha1":"4c11e3cb6a16b884772b88acdba30a2ad98e86b8","sha256":"3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e","sha512":"e9b44ac92bbad9c54e500f735f553154c92897c80700709b61b39443f76edbd1d3d38d0d6014e6052cc5f5931b78c55194e308c86336f809de1541efa1e0ac8f","ssdeep":"","tlshash":"58d02e40f2e01833201f94f981b5a109e74b0b03e402a808fa0c21881bac8252426c3a","first_seen":"2025-03-01T06:06:39.04916Z","last_seen":"2025-10-28T05:34:45.039411Z","times_seen":3826,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/hd-api/external/assets/hdf.js","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:50.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"GET /hd-api/external/assets/hdf.js HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877; SESSION=790c2f3ee09ba8ab582d92c5f2571852\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:50 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 1537\r\ncache-control: public, max-age=300\r\ncontent-encoding: gzip\r\netag: 17cc4ade9ae4dd646178200428d67b62\r\nvary: Accept-Encoding\r\nx-dt: 2337\r\nx-request-guid: 89847f1fcbb21ffcc871728d452c6790\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.009, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3281,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3280)","md5":"17cc4ade9ae4dd646178200428d67b62","sha1":"8949891455535a68218c809864ed91eb0f800c84","sha256":"b0c9aa9ea44642cc4d2a68a6a0ea81b2d8578aca18a4769c64f8b482189572c3","sha512":"ed1d64775d6f6aee5ac22448f6678a4742459eec3389d87d9383e7053ed5cf31cc74eb8ef0b3f3597b02e16f53d07bf88b2b7695c5f072cae01f7c2e48b00155","ssdeep":"","tlshash":"316182a764ae7e1212480cc7a47e9a4b7050e9063ca9f850d0bf6ccf2404da1c9a1f1b","first_seen":"2025-10-17T07:26:39.008746Z","last_seen":"2025-12-13T09:36:03.351895Z","times_seen":1800,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:51.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-ed3f8737f306dc5a4a34861e13b2270e-c94b63723c9c8b83-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1817\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:45:34+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-05-22T14:56:24.389605Z","times_seen":10609,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/css/7fe5f71b.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.118Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/css/7fe5f71b.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-6e5703fadc42c545a9ee2fe1609304c6-7b61dfef4181ce56-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"c610b8710368de3bf2f1c5bb581b6a3a\"\r\nx-amz-meta-mtime: 1761216277.351342549\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:04 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:58+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3313,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3313), with no line terminators","md5":"c610b8710368de3bf2f1c5bb581b6a3a","sha1":"f67bc86785d434adb2e81a356a7926b8818ac567","sha256":"fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba","sha512":"2dfecbd28b59bcf4b361736ce304f33792631b766506b80767f23033cbd37c1a83371af59b833032390f647b69824e9eeeb1f99530e18047f74cd30ffda0e5b1","ssdeep":"","tlshash":"0161c13e9cbc24359e7f472b7053ce84e199a39092030f8afdbb755a4c8b21d3895176","first_seen":"2024-05-14T21:30:49Z","last_seen":"2026-01-22T06:40:31.190981Z","times_seen":5786,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6147dc85b9.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6147dc85b9.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-db83b74d2fd69bda689c012a33c198e4-4b37e7cb416dcb26-01\r\nlast-modified: Wed, 15 Oct 2025 07:28:08 GMT\r\netag: W/\"b73bed50181c012f133f6aae4a69da3f\"\r\nx-amz-meta-mtime: 1760513214.068966603\r\ncontent-encoding: gzip\r\nexpires: Thu, 16 Oct 2025 11:24:11 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 38370\r\ncache: HIT\r\nx-cached-since: 2025-10-24T11:36:11+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2285,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (2284)","md5":"b73bed50181c012f133f6aae4a69da3f","sha1":"1826d3b1ec485876a8240d3250ef43fa0dbf7658","sha256":"6eec44c2601e34ffede82c0f79f5a1cc80ec4aec63ed4960e9260f757dd4798f","sha512":"01dccd364919af69cc280e3dae45ddfac2c9dd07f64e5cc4d45f9c28ca1ee944d7c61c23a6c95182f0827c083f0665638eb097c3e3d64daa41cee2086a3f45c8","ssdeep":"","tlshash":"ef417bdef8b9a5712d33e012d60c5ef95470b627c5214982f4cdd3a226c3a922db1dae","first_seen":"2025-08-22T10:11:14.526935Z","last_seen":"2025-11-12T13:10:30.998735Z","times_seen":2470,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/ru/dictionary_dc63a33e12b5295fdca015104541e0fc.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_express_day/ru/dictionary_dc63a33e12b5295fdca015104541e0fc.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-5abb79f1b52f2955f737f7fbf78bb922-589e75f1475a4f8a-01\r\nlast-modified: Wed, 15 Oct 2025 04:11:05 GMT\r\netag: W/\"5c49c24ae882cae4f99681183f35a295\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Wed, 15 Oct 2025 05:18:32 GMT\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3511\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:17:11+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1415,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"5c49c24ae882cae4f99681183f35a295","sha1":"a22775f4ba8947662730d215094b702246290d16","sha256":"fa147b49e1bb3abf835c3400e8b59119d4d7552bf31aaa98c3fb7bad2354b2f6","sha512":"4d946e74a466015ec59ad659f5151f2a67237bd5e03e6f96c034125b36ab21ee4151475700db24b4d9f04abcf78c9d79e2c9d52ab215162cb44d7d020eda4b00","ssdeep":"","tlshash":"442145e083be04f99b535fb7ae59316f215185f6185a0942031e79ef37d8d404c1d2b9","first_seen":"2025-10-16T17:44:56.861458Z","last_seen":"2025-11-20T21:03:38.918405Z","times_seen":48,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/ru/dictionary_92c6de0e20cf67bd1d3d877320e1f7a2.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_reset_password/ru/dictionary_92c6de0e20cf67bd1d3d877320e1f7a2.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-f6f513fada7e2e2055c50c4cf2ce0e7a-52a7d866d8917187-01\r\nlast-modified: Thu, 05 Oct 2023 09:31:59 GMT\r\netag: W/\"07afe89a1ee7db69cdce4960c607ac2e\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Wed, 15 Oct 2025 15:42:00 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 865\r\ncache: HIT\r\nx-cached-since: 2025-10-24T22:01:17+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1036,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"07afe89a1ee7db69cdce4960c607ac2e","sha1":"1733b76eebdbe6e8acd8717d0b9db7cf7e3ccac5","sha256":"8013be5b44794a743ab416c20fc589d251de9ade25f22cb9181349d35c9a2660","sha512":"0d2a5bb4fa119bd7bebde74a8774860cbd793dd3c9d791292d14ad088e143221b97b36efbd4a54b6e19a6c4af48e095ab2f0e583c0a1b5bebda330fdf8bce64b","ssdeep":"","tlshash":"f711d651135f1cfa074af467880b6c217bda807f976788931a70aaaf37b3942956881f","first_seen":"2025-04-12T01:42:17.618396Z","last_seen":"2025-12-02T10:01:31.370553Z","times_seen":133,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nContent-Type: application/json\r\nX-Lang: ru\r\nX-Uuid: c4b553aa-8db0-423c-8230-b37ad55e6de7\r\nContent-Length: 48\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 2336\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.076, wf-uht;dur=0.008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f78dbed1a938735034ce1ab73a03aa10","sha1":"f8a60442b6c0f753602f6c3b7efe5c827fc43b4c","sha256":"257bf3781d3681ea7119355b3d42aff4a4c44b25ec2842aea1c175338f0742aa","sha512":"9be409c5360b5331a2ba2060d0dca9bd1a7463ba5923641b6d62fda131f19add33cd82a58ebf7c21c854d88fb4d39693cf5f059261f7b9fff51456cd12ee8a1c","ssdeep":"","tlshash":"627000083002000080280a222b2808280f208ac28000802b88c220002200fb0088a803","first_seen":"2025-10-24T22:16:15.713268Z","last_seen":"2025-10-24T22:16:15.713268Z","times_seen":1,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/css/13382faf.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:41.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/css/13382faf.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:41 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-739a7054d6e8839b0f4e847d68d921a9-9d3e2df7d9f1ae20-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"522bed13bfb021f11f9100e2f5a2fa88\"\r\nx-amz-meta-mtime: 1761216277.348342539\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:55:59 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40665\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:56+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15193,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (15193), with no line terminators","md5":"522bed13bfb021f11f9100e2f5a2fa88","sha1":"e35753a7f9434702331a022a65fea710096f73ed","sha256":"0c09117600e3f9a9377db07f0a4e5f78ff1a2f8ab3cef75d04640ce229032d22","sha512":"dbc706017a1281f67cd28689755365d1ec1e52a9efd00bf367b97892c71f8c96eeceb078a274b0c5dfa5acb405c4d12e5c3594022c1b126e0195329dd0fb3b00","ssdeep":"192:HOIOH7nvxxxY4lctZLJh6N0dtu8yvrs9lvhvuvoQwltoQrNTC4cjWnk3LbBQ:HCJxxY4MJJqJQr9C4GWk3PBQ","tlshash":"1362b61fd53692b21d238c52728ebf383539722628a65735f44e26488ddbb9703d0fb8","first_seen":"2025-09-30T10:36:50.754445Z","last_seen":"2025-12-02T07:51:56.02009Z","times_seen":2313,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":57,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/70a3747b/desktop/default/vendors/plugins.vue-js-modal-025d2bb3.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/70a3747b/desktop/default/vendors/plugins.vue-js-modal-025d2bb3.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-59d83e5d6ede28ac039d5d8ed1d4573d-bdc1be2d3c143d0a-01\r\nlast-modified: Thu, 23 Oct 2025 10:44:38 GMT\r\netag: W/\"b1bc62ed27bc91fced7167abfc99d179\"\r\nx-amz-meta-mtime: 1761216277.358342571\r\ncontent-encoding: gzip\r\nexpires: Fri, 24 Oct 2025 10:56:04 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 40664\r\ncache: HIT\r\nx-cached-since: 2025-10-24T10:57:58+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26667,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (26667), with no line terminators","md5":"b1bc62ed27bc91fced7167abfc99d179","sha1":"91f89cfa92ff216100c3821511a2487466182299","sha256":"c8b94a3375701f99d992127225e8ae03de62b59ff2e86fbf6bb47d64aa64a13c","sha512":"2c309db0b7972219dc2d455403c4d1aeb28428c442eacc61b64701254f3e0584d3d239e9183fcc7f49aeff5401fa5d3411667bf9e00874fc992a261f8e9f9f0a","ssdeep":"384:bBy0a9vOeCGAZIXfK2rVsAdm00uow4HQEjacGXGQVe6ubqw:+HyIXfPt4wE9GXGQcbqw","tlshash":"4ec2288977d8307442db5573627f2b0ab23e295074269888f772e8e65cb864d206ff3c","first_seen":"2025-10-22T11:25:36.117833Z","last_seen":"2025-10-30T11:27:15.259833Z","times_seen":376,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:43.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nContent-Type: application/json\r\nX-Lang: ru\r\nX-Uuid: c4b553aa-8db0-423c-8230-b37ad55e6de7\r\nContent-Length: 19\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:43 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nx-dt: 2336\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.056, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-05-23T02:14:44.715952Z","times_seen":279231,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-5227452.bar/hd-api/external/verify","fqdn":"1xlite-5227452.bar","domain":"1xlite-5227452.bar","tld":"bar"},"ip":{"addr":"185.165.153.106","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:52.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-5227452.bar","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 13:28:13 GMT","end":"Tue, 23 Dec 2025 13:28:12 GMT"},"fingerprint":{"sha1":"D6:56:9D:49:89:C6:FD:C8:0B:61:C9:1C:2B:28:14:81:FA:DF:D7:6D","sha256":"E3:C5:81:26:FD:F9:CD:8C:3C:74:D4:4C:56:35:6D:48:CE:68:AC:29:53:45:D7:53:3D:28:7A:D8:9C:7E:17:FB"}}},"request":{"raw":"POST /hd-api/external/verify HTTP/1.1\r\nHost: 1xlite-5227452.bar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/ru/block\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 191669\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiwyNTA5LDQ5NSw4MTIsOTg1LDgxMywxNywxOCwyMTg2LDIzNjgsMjMwMCwyMzc2LDg0NiwyMjY3LDIyOTEsMjMwMywyMzc1LDgxMCw5NDQsMjIxMSwyNDA5LDI0OTUsMTA5MCwxMDkzLDIxOTEsMjUwMCwxMDAyLDIyNDIsMjMwMSwyNDYxLDI0NjQsMjQ2NSwyNDYyLDI0NjYsMjI1NiwyMjUxLDIyODcsMjQzMiwyNDc4LDIzNDUsNDg0LDM5NSwyMzI4LDI0MDIsMjMzMiw0NzQsNDc2LDEwMDYsMjM5NCwyMzY2LDI0MDMsMjMxMSw4MDksOTEyLDgwNiw3ODYsNzY4LDc3NSw3NjcsNzY2LDc1MSwyNDI0LDEwMzksMjMyNywyNDIyLDI0NjgsOTA3LDk4NCwxMTA2LDI0MDgsMjMwNywyMTU1LDIzNzIsMTExOSwyMjk2LDIzNTQsMjM0MCw5NjgsMjIyOSwyMzkyLDI0MzEsMjQxMywyNDM0LDEwOTYsMjM1MSw3NTksMjIyOCwyMjE0LDg0Myw4NDIsMjM1Miw3NTYsNzQ3LDc0OCw1NDgsMjM1MywyNDI1LDI0MjYsMjQ3MywyNDkyLDc4NywyNDQ2LDIxNjMsODM5LDc4MywyNDc3LDUyNSwyNTEzLDI0ODAsMjQzOSwyNDQwLDI1MDcsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0MjMsMjM2OSwxMDc4LDI0MzcsMTEwMCwyNDM2LDI1MTEsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDI1MDEsMjUwOCw0NzcsNDk4LDk0MiwyMzIwLDIyODksMjI4MCwxMDg2LDk3OCwxMDg0LDk4NiwyMTk3LDk5Myw5NzcsNTMwLDIyNDMsOTgxLDk4NywyMTgyLDIyOTUsMjE1NiwyMTU3LDEwOTIsODA0LDIyMzksMjIyMSw5OTQsOTk5LDk5OCw5OTUsMTAwNywxMDA4LDEwMTAsMTAwNSwxMTAyLDIxOTksMjE5OCwxMDEyLDEwMjMsMTA5OCwyMjAxLDEwMjIsMTA0MCwyNDcxLDI0ODgsMjE1OSwxMDg5LDIxNzksMTEyMiwxMDg3LDEwNDIsMTA0MywxMDc2LDEwNzcsMjM2MiwyNDk3LDIxNzEsMjQ4OSwyMTc3LDIxNzYsMjQ5MSwyNTEyLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=ru; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D; postback_watcher=%7B%22tag%22%3A%22s_4480839m_355c_campaign%3DB1_GEO1_Trafficstars_desk_video_RON_wheel-bet%3Dsite_id%3D%7Badspot_id%7D%3Dpab_id%3D%7Bsite_id%7D%3Dcreative_id%3D%7Bcreative_id%7D%3Dclickid%3D%7Bclick_id%7D%22%2C%22pb%22%3A%22b9dd29304eae46669eeb3049a5d110f9%22%2C%22click_id%22%3A%22%7Bclick_id%7D%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=uaWZamj7+oyDt3I1A0yPAg==; window_width=1280; che_g=041e9c43-e114-40f8-94a0-420224164877; SESSION=790c2f3ee09ba8ab582d92c5f2571852\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:52 GMT\r\ncontent-type: application/json\r\ncontent-length: 817\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-dt: 2336\r\nx-request-guid: c3dfcce9fdad4b8a8e0cd3ca4fe2b5c1\r\nx-time-ng: 0.004\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.006, wf-uht;dur=0.054\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1035,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a1201d5988c4c53d290c09399eb1aca5","sha1":"8dabcf63af8198ce860ffbbdc6293a1a8b311a9a","sha256":"62f8aed2554deff501b6946f56c85a57d44d10567bfad903c3259e81eb438384","sha512":"2743c32740bc7ea86acec555c5e8bddb7d6a78c9ec6a6c00239593f653dea52a36277a24f19dd9fcef4dc53f67ed720e0f5e7a867fd8ab503ff3b0f33ca5cd50","ssdeep":"","tlshash":"3d111c47e96b5f976c525d163368d81cac8c4b405c51d13fc25d9735ac09d51cc0fec5","first_seen":"2025-10-24T22:16:15.716952Z","last_seen":"2025-10-24T22:16:15.716952Z","times_seen":1,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":0,"dns":0,"connect":0,"send":45,"wait":145,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"1xlite-5227452.bar","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:52.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1/23802/radar.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-5227452.bar/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 22:15:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nLocation: /1707728419/stub.js\r\nExpires: Fri, 24 Oct 2025 22:25:52 GMT\r\nCache-Control: max-age=600\r\nVary: User-Agent,DNT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-23T02:19:52.969623Z","times_seen":15584112,"resource_available":true,"data":null}},"time_used":128,"timings":{"blocked":48,"dns":0,"connect":19,"send":0,"wait":32,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/ru/dictionary_f168adc2aa98d9c3f234ecbe63d49674.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:42.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_coupon/ru/dictionary_f168adc2aa98d9c3f234ecbe63d49674.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:42 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-f6f6d0d2a757ed2f0ad451e71c7cd89d-87e97365dd980d26-01\r\nlast-modified: Thu, 16 Oct 2025 10:10:09 GMT\r\netag: W/\"274f0bb26e667f919453076fe9f6e024\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 16 Oct 2025 11:17:50 GMT\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2648\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:31:34+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39178,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a3beadf2eccb525201c901ae29054fb9","sha1":"eb1be963ca40793cc7439b59598c3500df7f362b","sha256":"9271e92a378db0e1d727061a00d4fc70086fd6470e28657b39002dc011ce7be5","sha512":"e13063c3cd02b8f8f29c371551d5d773502c3f1c5f4487b4ed3969ce5da2437be17f5da4255b2fa2859cfd3c8afd8269de5cf50135fc161de444c5c140e67a7a","ssdeep":"768:eMH5WMIQ0/YjKOl/fXwCGXAK2sFo+eu39aoHQy/eeLwUfDfGdPsoWds4MXGyaRXa:vHAPQ9jX/wGeaowUrOCon4MPIRPHeV","tlshash":"ad03ed30515be8aa6044a48bdd08be0b39ee15fdff575f0355b12dbe28f3068817a61b","first_seen":"2025-10-16T17:44:57.01891Z","last_seen":"2025-10-27T00:31:44.628587Z","times_seen":20,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-2336/desktop/media_asset/456236fe7b43b7d24f29b91693f618eb.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:43.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-2336/desktop/media_asset/456236fe7b43b7d24f29b91693f618eb.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-5227452.bar/\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:43 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-39321b0bff0d44d1082e1ddb10ea135f-02ee414f8f6561ee-01\r\nlast-modified: Fri, 19 Sep 2025 14:25:39 GMT\r\netag: W/\"b5a6dbdf3f12e11d0c5275b2ca6dc739\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 03 Oct 2025 15:08:15 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3091,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b5a6dbdf3f12e11d0c5275b2ca6dc739","sha1":"a8495df42a8f1e18c12dc1723660d062bbc8fb6b","sha256":"8febfd79d9b9b1298af34575340a4288d6d5b01ee4e50c57f5a5509d602412f2","sha512":"813327003eefeef8e9772adc05530b46f52fc044d76f5ed1393854052836ae2f89a0118697367681afbab9084b4e215c3120bf09ea2713553a7e8286ca9afe2d","ssdeep":"","tlshash":"85514b4df6e41c33012f19bdc0f76a6993d84f4f694a7c283a9d6c4d1bd451900aad3e","first_seen":"2025-07-21T03:11:29.13175Z","last_seen":"2026-01-11T03:06:49.449217Z","times_seen":2816,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-5227452.bar/ru/block","date":"2025-10-24T22:15:52.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-5227452.bar\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Oct 2025 22:15:52 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-66d4c967678f5bbd0a09a4bace6135e8-6142c98840a05556-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2299\r\ncache: HIT\r\nx-cached-since: 2025-10-24T21:37:33+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-05-20T06:20:01.978819Z","times_seen":10461,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}