Report - affpa.top/L?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet&click

Report Overview

Submitted URL
affpa.top/L?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet&click_id=Gbjizwcgnzc4SQ1mj2DsfT
IP
83.147.205.153
ASN
#202492 Silverhill Group Holding Ltd
Submitted
2024-05-07 15:15:26
Access
public
Website Title
1xBet bonus ᐉ All 1xBet bonuses ᐉ 1xlite-461430.top
Final URL
1xlite-461430.top/en/bonus/rules
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
118

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-05-02	7.2 kB	3.7 MB	172.64.148.184
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-07	1.3 kB	243 kB	142.250.74.168
www.google.no	25607	2001-02-26	2016-04-05	2024-05-07	1.2 kB	1.1 kB	142.250.74.163
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-06	3.0 kB	1.3 kB	216.239.34.36
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-05-06	822 B	1.1 kB	45.54.49.5
affpa.top	507683	2022-01-14	2022-01-14	2024-04-29	676 B	202 kB	83.147.205.153
1xlite-461430.top	unknown	2023-08-11	2023-08-11	2024-03-26	89 kB	1.6 MB	178.253.29.51
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-05-04	83 kB	7.0 MB	185.244.209.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (64)

	URL	Size	First Seen	Last Seen
	1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet	730 B	2024-05-07	2024-05-07
Pretty URL 1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 06:20:17 Last Seen2024-05-07 17:15:33 Times Seen2 Hash 378bb374b24a7ec7a5fcbff76b859eca 032c03fdbe2873cbf8f9a9249734cdac5b53ffd2 1657b0d0e6b31c72157513ca0a44327b1f9d9820866a9f9f895939199b6790c5 Loading...

	widget.suphelper.top/_next/static/f385e6db/_buildManifest.js	519 B	2024-04-25	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_buildManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-19 14:33:18 Times Seen139 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet	924 B	2024-02-25	2024-05-19
Pretty URL 1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-19 14:33:18 Times Seen142 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js	2.3 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen50 Hash b44bc16cd2630bfada5ec9cbdbfcafab 43918946155d48f6cc8ecba42e2cf2cab28debd7 189ec6fd8e44cc47498706a2d2c815da1dc255040ef5ef57f5faa7c10c05ae42 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js	2.4 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:17 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 3a0e4a54185bcc66d2e032dd30a385eb 627755ca54def0761f25f827d5b4cb483e1ca83d e0bc5ffed1e6fd6285fea94e991fa8ec48a5f17677519c766d7ee7e757a02239 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js	1.0 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 14:33:18 Times Seen74 Hash 8fecd56fc5520134f3c39b17431fe0c2 e0cedac030a1fcf68779a592ed9e0775beb45123 3e01dfddf1e68faa32769d615eeb0e838a29241d18a57090040c595ee05f0ba8 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js	1.3 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:35 Last Seen2024-05-19 14:33:19 Times Seen74 Hash 518e0ae196483ada8b528a1f2b7df0a1 50e66030d9aca44adb3bd7893ef3c42593e26be4 529ca09688eb85183a34a43651cad1e8fabae2a02924753d54786f3de5e85693 Loading...

	v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/entry-9fb03a4e.js	890 kB	2024-05-07	2024-05-07
Pretty URL v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/entry-9fb03a4e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:15:33 Last Seen2024-05-07 17:15:33 Times Seen1 Hash f7627b055873bfef4cd8d3cdf533d7d0 fedaac81502cac12f9d266affa43688733317c01 216fccee2d61fdea85b9169b4822f04ea53497e1498c8630d9edeef3b80a1ecd Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js	12 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen53 Hash 805e7c2cd861f2191db66c39ab28e86b a6353246547e9a9fd01093fcb784d708d187e3ef 82686dab55962ead6916346bd901b3fc03357bb2a0e74dfe966ff784d75b2368 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js	81 kB	2024-04-25	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-15 18:55:36 Times Seen32 Hash 67267513246705d46a0bb83e1f8efd2a d1af6d9ad50f110bbb4bb4d75965dd939a14e15d 35acb34c3273056ead66f9ae7dc11b3c2e3bd1a4c46dc22daaa6900c150c2b2c Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-19 14:33:18 Times Seen595 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	unknown	47 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 14:33:18 Times Seen941 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	unknown	47 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 14:33:19 Times Seen943 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet	646 kB	2024-05-07	2024-05-07
Pretty URL 1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 17:15:33 Last Seen2024-05-07 17:15:33 Times Seen1 Hash 687a012bf34d87a40baca79646bebb5c cf029a93105d7f94782a72a929ca6739cffbbedd 755887ec52abe75ae870c7d9aaff0814cfc52bd183902dc8e7d829ec9fa0abe5 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js	20 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen26 Hash adc7f8e289bd475a5a922c91b93591b2 540252cd02880714746d3656e61c67e7acab7fda 3b542ce26d333f558f94adb8cac49e58be95a5470eb3079d1dc0b2b7a7c97b6b Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js	853 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:17 Last Seen2024-05-08 09:00:23 Times Seen22 Hash c4d75347728629ec3f0b90dc82f0a3d2 ff949fe02da04d39be746f8d091a1a7b30126f7a 8ca2bd3ad104c33fb6189e87cab8992734ca6bf99a631ed413f63444b834d33b Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-19
Pretty URL widget.suphelper.top/ IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-19 14:33:18 Times Seen2114 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js	1.0 MB	2024-05-02	2024-05-15
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 12:28:02 Last Seen2024-05-15 07:03:13 Times Seen91 Hash 5997e7f54cf2aebf463f16902ccbc7fc 659b9677d6196eabd63ce0feb5f4466accb72df7 08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db Loading...

	v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/52cc6f804124.js	715 B	2024-05-07	2024-05-07
Pretty URL v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/52cc6f804124.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:15:33 Last Seen2024-05-07 17:15:34 Times Seen2 Hash d7b02290885764ec0258b7a672ae3a9b 11fe57a2571848f4f07d56f19644ff3076f762d3 c66e02ef36f7b73f85a025fd87d2efeedd661a0fdf1efb46fb98190ad00a33b6 Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-19
Pretty URL widget.suphelper.top/injector.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-19 14:33:18 Times Seen1025 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js	21 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:33 Last Seen2024-05-19 14:33:19 Times Seen107 Hash 598d5481ac96b9bf8013b0eb1413b8e5 cc7e3384da379a215ac43b2385e901e22ceb6327 1488ecc35389c72a3aa26d468420069f6b719db456ea82605762311da663b65f Loading...

	1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet	159 kB	2024-05-07	2024-05-07
Pretty URL 1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 17:15:33 Last Seen2024-05-07 17:15:33 Times Seen1 Hash 14c319f9c150551da9bf20c5ab53888d 4dfe4fc096adc7664afd493e4587b9ff2dad9de4 4aef66a9b0011944fcee7580e0ee04ffc9aabb86a3b815d62e25158db9b0c959 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-19
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-19 14:33:19 Times Seen967 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js	17 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen53 Hash fda91a0dd5e8251a0c4c540d7e54ed52 3c4a6e38286708cd62ff071ccf97e73f37200728 b3c3c2ee09cf4af0164878165cd9971fbfe83a461c18ad0ef7cfc33b36b782ef Loading...

	v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/26a83e840499.js	504 B	2024-05-07	2024-05-07
Pretty URL v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/26a83e840499.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-05-07 17:15:33 Last Seen2024-05-07 17:15:34 Times Seen2 Hash a360f35393be0ea4dcc9fd14523f01f7 50c77f70f871224399ad46784749bb4cb583a439 f45e605081d025648a731b46220356191e8accf3f7ea89374c4ddf6cfb5ce577 Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js	6.4 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:35 Last Seen2024-05-08 09:00:26 Times Seen65 Hash 60f915b0daad3af04303726381897e81 133c20a7f58c18758483c23f595d5a4f22ba9371 320b5a7d25c926dc55eb7a53f4348bf7c34bd7f5bc6ad3bcd1d16029239dc3a1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js	138 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen52 Hash 03b89bdb4f6013159d40de88c98403b6 cf41351caa86d91b56cf839d54ab28bf8f4f54f8 42d02ce0b520e2d8ce7341a0b07d92cd3833d762337b1f8aabc6f7f23e6fad4a Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-19 14:33:19 Times Seen2064 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js	198 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:26 Times Seen44 Hash 191ff223860f458112e0be2a63bd9857 850dd681d5b31321f00b8df955a455aa9478e44e 40e1fe6d194776c5fa845dda1dbebda9c2bc3154d8c45793ae74a2e1bf147016 Loading...

	unknown	44 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 14:33:18 Times Seen943 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js	30 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen25 Hash 93a3cdd4ea0ae5eb295e71988355c5d4 0c9e334aebd99fb9c44575c99abda82d0b53acb1 104a5a19f0a8b4d443e55c32daf49eea2343ee96da27b48c21f09e1425081d62 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js	27 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen54 Hash ead4a901af60e4b8138e732f0aea9637 7c1d57d444a07553738ddcb8b6a2bee305a0c215 e6bc116e4cb54d011d2a1fa1f87ab12d1f320aa8dc54c89b1f286f2b02ee14c0 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js	101 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-05-15 18:55:38 Times Seen69 Hash 51ddc52774f4e5bd6a6f1c22e9d19674 374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4 642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442 Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-19 14:33:21 Times Seen599 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-19 14:33:21 Times Seen3222 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	1xlite-461430.top/en/promotions/sandbox%20eval%20code	147 B	2023-04-11	2024-05-19
Pretty URL 1xlite-461430.top/en/promotions/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-19 14:50:42 Times Seen350693 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	322 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:15:33 Last Seen2024-05-07 17:15:36 Times Seen2 Hash cdc9852669497e6e92fd3952117a8f3f 00be7ac46b6d68913042157a53e62c965b0342da a84e8207cac36c7d76e0c8bad0697f3338ea33d5f246ddb39faad530ac860ceb Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-19 14:33:18 Times Seen230 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js	92 B	2023-03-07	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-19 14:33:18 Times Seen7993 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js	77 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 45f90516ee8a557d78c08e1e925c1490 adc0363ed75f47f9513a36a94173c6e4940a2adc f5b8b3c4e62dbb4ebc5fd634f5bb17b3145a14c21bdc3e9c0a4dcb45b9e573fe Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-19 14:33:21 Times Seen2520 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-19
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-19 14:33:19 Times Seen261 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	unknown	96 B	2023-12-06	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-19 14:33:18 Times Seen967 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js	28 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen26 Hash 9167c6082d419d35f57a606871184d06 d4c4fac03b353c5881c352d6ac0c05947dc2e633 bed35ed9386f6d0d6f3096d00c7d14e042c5cb404f07ef0bb9abb4cc381e89c3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js	47 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:18 Last Seen2024-05-08 09:00:23 Times Seen22 Hash ef9def5f3c8a190bfffb14ce24c6eb58 c5fa568c8f9bee2aa988c80a7246e07edd8d84ba d5d3ad6908352036bda426fe1fdc6f1dc03ac13a7029bbf25fa50580abd9064f Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js	7.0 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 91d17dbf833b48149a8b5d2f21895879 bd71a45fa4419ab4ddbc676f0a9cca2be05e1703 f085ff2e310ab82817411e3ed64d0902de49e149d0958cadb91d518ed5854335 Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-19 14:33:21 Times Seen2511 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-19
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-19 14:33:20 Times Seen287 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-19 14:33:21 Times Seen590 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	unknown	39 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 14:33:18 Times Seen946 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js	954 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 1992415420cd9d59941e07133aa0c521 308a748fa982a440a112cb9e449f25a23bd6d83e 94a8f060251c7e705ee8c823783cb067e2844edb0f3900b6b0e91948d92ce907 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js	25 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-05-15 18:55:36 Times Seen55 Hash 701ad5a22b8ea7213a53e334d0898349 87749d947f6aa40eb671447b58261d710ec5479b 07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0 Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-19 14:33:21 Times Seen224 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js	77 B	2023-03-07	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-19 14:50:28 Times Seen87520 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	178 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:15:34 Last Seen2024-05-07 17:15:36 Times Seen2 Hash 1a560d94c098eeaaa284da14588fdc86 f873b01aab951a84d8b5f37392d90a1e368893a8 d953102aa6771f74b978464eb5ea2d639001ee8f6b0480413e31abcdc091ca5f Loading...

	1xlite-461430.top/polyfills.js	0 B	2023-03-07	2024-05-19
Pretty URL 1xlite-461430.top/polyfills.js IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 14:51:19 Times Seen37829215 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js	56 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen52 Hash 45302df89a240c65824afccc0240c030 84573118a402aa9a4ee0321ccf3f914c438a8369 25b695450684f580508f24855ea2d181ecd499e26573010621dd4a2ddc5af16a Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js	3.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:37 Last Seen2024-05-08 09:00:23 Times Seen67 Hash 0cc9277dab4117c9b162cc01e1f0b97f 5b7d9007e2d99d3715c5f226aadf44aa4da4332b 6d7637a83c7812813039573e9c67efbb30e4021a971c546621a397eb72ea4bd0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js	8.7 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen53 Hash a5db05d47f7f37c06acc29a0f4eeb447 b9ddddb586721548eaa4a62d7ae420bfcfc5bddb 4053d0ffbd3af6bc022131a3f123bd4e88825f1b5f06a74dd2072a2b0fe3f243 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js	69 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 14:33:20 Times Seen108 Hash 138de5d55ee831195dd90bbf5c557926 4413082980942643803d8d4567df2f8395c0e868 55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js	30 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 14:33:21 Times Seen106 Hash dfa127e93d125d4f6c566203eaf225f2 32c1fd89c4eeed7ac2a942582b3786659b15cd43 cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390 Loading...

	unknown	34 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 14:33:18 Times Seen954 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

		Size	First Seen	Last Seen
	#1 Eval - 5595edcdc8f10ff53bde2de17dc2d887	32 kB	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 17:15:34 Last Seen2024-05-07 17:15:34 Times Seen1 Hash 5595edcdc8f10ff53bde2de17dc2d887 a53b3f2d07447c24bd7b05cdf4f662401fefe98d bf6d262d563a436b6ffa4cb4aa7094c589a60b871b254c0795d531d63290be1c Loading...

	#2 Eval - a1e809bcf9468cd8d89908eb9668050e	138 kB	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 17:15:34 Last Seen2024-05-07 17:15:34 Times Seen1 Hash a1e809bcf9468cd8d89908eb9668050e 423a7acd08f761bd15ea22620b42c132cd2931c5 45771af14cfddd4eb1a0b2a0acaf0d271f5b41391fa680b157d1f504e9270746 Loading...

HTTP Transactions (261)

URL IP Response Size

affpa.top/L?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet&click_id=Gbjizwcgnzc4SQ1mj2DsfT

83.147.205.153

303 See Other

201 kB

URL User Request GET HTTP/2
affpa.top/L?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet&click_id=Gbjizwcgnzc4SQ1mj2DsfT
IP
83.147.205.153:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subjectaffpa.top
Fingerprint97:C0:01:06:36:CA:D6:A5:08:8D:79:54:18:EF:74:D6:DE:50:1B:1C
ValidityFri, 03 May 2024 09:58:00 GMT - Thu, 01 Aug 2024 09:57:59 GMT

File type
data
Size
201 kB (201214 bytes)
Hash
0e06554ef7ae9d8a7fe81d972222ade1
f6bd788bf12164ca64e4d8a3f813f60167e428ec
c90bce51eba855b20b3598c22a0146cc86e037de4401f0a661dcdf3ce4c4f3db

HTTP Headers

GET /L?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet&click_id=Gbjizwcgnzc4SQ1mj2DsfT HTTP/1.1
Host: affpa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Tue, 07 May 2024 15:14:48 GMT
cache-control: private
location: https://1xlite-461430.top:443/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
x-aspnetmvc-version: 5.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.005
X-Firefox-Spdy: h2

1xlite-461430.top/polyfills.js

178.253.29.51

200 OK

0 B

URL GET HTTP/2
1xlite-461430.top/polyfills.js
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47215), with no line terminators
Size
15 kB (14752 bytes)
Hash
ef9def5f3c8a190bfffb14ce24c6eb58
c5fa568c8f9bee2aa988c80a7246e07edd8d84ba
d5d3ad6908352036bda426fe1fdc6f1dc03ac13a7029bbf25fa50580abd9064f

HTTP Headers

GET /_nuxt/desktop/default/runtime-baf5b66c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 14752
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-39a0"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-791cf8c9d7c609a0e426aebfe2a7e814-824d47046d8ee609-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:45+00:00, 2024-05-07T10:57:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3226 bytes)
Hash
9e9b190c1ab8126c2576203d5d43ec63
a80ccb6739023605edbd86be13f38a58ff7f4906
c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02

HTTP Headers

GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css
content-length: 3226
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-c9a"
content-encoding: gzip
expires: Wed, 08 May 2024 09:58:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-128c66a67a860f3e12fef3da68286c6e-185da908c578684c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:58:01+00:00, 2024-05-07T10:40:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js

185.244.209.62

200 OK

2.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8663), with no line terminators
Size
2.5 kB (2475 bytes)
Hash
a5db05d47f7f37c06acc29a0f4eeb447
b9ddddb586721548eaa4a62d7ae420bfcfc5bddb
4053d0ffbd3af6bc022131a3f123bd4e88825f1b5f06a74dd2072a2b0fe3f243

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 2475
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-9ab"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c93fe97abf804f9952b5d710d560f6d9-e520a5e56b0d5bb6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css

185.244.209.62

200 OK

4.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32277), with no line terminators
Size
4.0 kB (3964 bytes)
Hash
eeaf257a8645b90669a2ea93b8fb534e
d81289258b7a5c126dd860232760852cc8ad865e
3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6

HTTP Headers

GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css
content-length: 3964
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-f7c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:54:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2e69f2a7a931f970be73232141a02d5b-41cfb79637c0ee12-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:54:58+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js

185.244.209.62

200 OK

7.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (28142), with no line terminators
Size
7.8 kB (7775 bytes)
Hash
9167c6082d419d35f57a606871184d06
d4c4fac03b353c5881c352d6ac0c05947dc2e633
bed35ed9386f6d0d6f3096d00c7d14e042c5cb404f07ef0bb9abb4cc381e89c3

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 7775
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1e5f"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f7d2f9a2d214bc1cef8924e720c9b2a8-3c5fb39c8643f7a5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js

185.244.209.62

200 OK

6.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (20014), with no line terminators
Size
6.3 kB (6258 bytes)
Hash
adc7f8e289bd475a5a922c91b93591b2
540252cd02880714746d3656e61c67e7acab7fda
3b542ce26d333f558f94adb8cac49e58be95a5470eb3079d1dc0b2b7a7c97b6b

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 6258
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-1872"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a0a7dcc66bda409c1182c03a9f9fc44d-0d6ab59e0d6492b9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css

185.244.209.62

200 OK

46 B

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
f506188b04c16eaa9c664ed23f7ce58e
08d068d7fa5a84beb06ba924a35d84d6bfdab30a
b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9

HTTP Headers

GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a233f37bdd4af97b824d6a491ac436dc-c696f90956c4bcc5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-07T14:34:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4632), with no line terminators
Size
1.1 kB (1113 bytes)
Hash
f74d8b7e31b6ab236a9577348874385d
87091e6542649037a05fc137fa449b713c85225d
b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8

HTTP Headers

GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css
content-length: 1113
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-459"
content-encoding: gzip
expires: Wed, 08 May 2024 06:45:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-33403c71043774bc91a84178a496e5a6-719bb9981ab461d5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:45:39+00:00, 2024-05-07T09:06:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js

185.244.209.62

200 OK

8.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Size
8.3 kB (8283 bytes)
Hash
93a3cdd4ea0ae5eb295e71988355c5d4
0c9e334aebd99fb9c44575c99abda82d0b53acb1
104a5a19f0a8b4d443e55c32daf49eea2343ee96da27b48c21f09e1425081d62

HTTP Headers

GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 8283
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-205b"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2e59e93c2ee5ab96dc61d1ec61e8266c-09ddebc7dbce4f9c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
265e4e9c948f929631d7e9bcf0d19d5b
c70f40cde4e09003b980fdae5130f3695de16add
62ec6fa5c15470b882bd7e05f5651b0a265a0cb2857cffa5cbfa34b3d2cf42ba

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: application/json
content-length: 44
last-modified: Mon, 06 May 2024 10:24:15 GMT
etag: "6638afcf-2c"
content-encoding: gzip
expires: Mon, 06 May 2024 10:50:26 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-91198c0e914df2d9c33c1b37322ad5cb-bc53c2a571dd4e24-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:49:26+00:00, 2024-05-07T15:14:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9958), with no line terminators
Size
2.3 kB (2277 bytes)
Hash
76a1e3dd8e25bf9a48bdd896de779d20
38c3643e25808d1f3ab167273201eac8c113c088
aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273

HTTP Headers

GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css
content-length: 2277
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-8e5"
content-encoding: gzip
expires: Tue, 07 May 2024 11:27:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8c15d20f498ed309828c092ece7a05bb-941aa0229a5c92d2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:27:59+00:00, 2024-05-07T12:10:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js

185.244.209.62

200 OK

225 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
225 kB (224914 bytes)
Hash
c4d75347728629ec3f0b90dc82f0a3d2
ff949fe02da04d39be746f8d091a1a7b30126f7a
8ca2bd3ad104c33fb6189e87cab8992734ca6bf99a631ed413f63444b834d33b

HTTP Headers

GET /_nuxt/desktop/default/app-1483c42a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 224914
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-36e92"
content-encoding: gzip
expires: Wed, 08 May 2024 09:01:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7ac44251614aab3028b316d8e89c9bde-555cd4a53cf90ac8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:01:03+00:00, 2024-05-07T09:06:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js

185.244.209.62

200 OK

267 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
267 kB (267237 bytes)
Hash
1992415420cd9d59941e07133aa0c521
308a748fa982a440a112cb9e449f25a23bd6d83e
94a8f060251c7e705ee8c823783cb067e2844edb0f3900b6b0e91948d92ce907

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-d26cc899.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 267237
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-413e5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-caf0c55fa5aecf8ca0a3161484052db5-621c575bf494c7b7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-07T14:49:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46801 bytes)
Hash
03b89bdb4f6013159d40de88c98403b6
cf41351caa86d91b56cf839d54ab28bf8f4f54f8
42d02ce0b520e2d8ce7341a0b07d92cd3833d762337b1f8aabc6f7f23e6fad4a

HTTP Headers

GET /_nuxt/desktop/default/commons/app-2e30fd7d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 46801
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-b6d1"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fcbd253fb97bfcc34f1a4bd32dd25360-a0a76c38ba60fc96-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13859 bytes)
Hash
ac3b78bdd1c881f78913b967fd22a91f
15295665baa2ccaf71e8a093f333d087621a17ee
ee4c84a2fe257a888fcec5809b67b563aba3a4c52f102154ffa19a685434d835

HTTP Headers

GET /_nuxt/desktop/default/css/035c0001.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css
content-length: 13859
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3623"
content-encoding: gzip
expires: Wed, 08 May 2024 09:01:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7a1ef81d335657c55e703b7b946897b9-1372633b7f0c8a4f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:01:03+00:00, 2024-05-07T09:06:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/colors/f60de5c9eabf4e3e2f1149075d3a68d7.css

185.244.209.62

200 OK

71 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/colors/f60de5c9eabf4e3e2f1149075d3a68d7.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
71 kB (70599 bytes)
Hash
f5660e254e49fc970ed60cdd9fa0ffc0
99bd04acc5c81d86e3ea183c872424079f6a8b6d
88e4f13928799629cae14787cb9544617f81f56b5fde28a42dca0fd3eaad2280

HTTP Headers

GET /genfiles/site-admin/colors/f60de5c9eabf4e3e2f1149075d3a68d7.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css
last-modified: Tue, 07 May 2024 12:38:10 GMT
etag: W/"f60de5c9eabf4e3e2f1149075d3a68d7"
content-encoding: gzip
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3bfa94db5ed82e6a8509d999d5aed186-307d9fb2a31a0349-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:39:42+00:00, 2024-05-07T14:40:02+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a1c206789d9f8cd9b41f60fe41879f8a-b954a4c8aae03641-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T14:34:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-51f95067f41718788206fe10173539d7-b050d6cb928b8f62-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T14:43:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

200 OK

187 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Mon, 06 May 2024 10:23:37 GMT
etag: "6638afa9-bb"
content-encoding: gzip
expires: Tue, 07 May 2024 12:56:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-abff2ecc757f73cae8b2d12f1f34442c-490d8e0c710ba8aa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:56:18+00:00, 2024-05-07T11:36:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-57d9316972f7f7972f93faddd23f46c7-e1366bc4284c7a77-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-05-07T15:00:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21889 bytes)
Hash
45f90516ee8a557d78c08e1e925c1490
adc0363ed75f47f9513a36a94173c6e4940a2adc
f5b8b3c4e62dbb4ebc5fd634f5bb17b3145a14c21bdc3e9c0a4dcb45b9e573fe

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 21889
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5581"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-061a402b3fd135ac32de93bc728b607b-06bf4b85307e883d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js

185.244.209.62

200 OK

4.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
805e7c2cd861f2191db66c39ab28e86b
a6353246547e9a9fd01093fcb784d708d187e3ef
82686dab55962ead6916346bd901b3fc03357bb2a0e74dfe966ff784d75b2368

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-11cc"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ad93059b4f240bc59a76abc3d418a85c-bfcc4532aac5a4b2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js

185.244.209.62

200 OK

8.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8055 bytes)
Hash
ead4a901af60e4b8138e732f0aea9637
7c1d57d444a07553738ddcb8b6a2bee305a0c215
e6bc116e4cb54d011d2a1fa1f87ab12d1f320aa8dc54c89b1f286f2b02ee14c0

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1f77"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cfe12751aae96d399886dc26d49e4992-9b925391b25e3ce3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

200 OK

953 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: text/css
content-length: 953
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3b9"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:11 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9a3378d72c752ab656b1376225f7ffae-dcd7abde1f706706-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:10+00:00, 2024-05-06T15:18:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2120 bytes)
Hash
91d17dbf833b48149a8b5d2f21895879
bd71a45fa4419ab4ddbc676f0a9cca2be05e1703
f085ff2e310ab82817411e3ed64d0902de49e149d0958cadb91d518ed5854335

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-290f49eb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 2120
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-848"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-42db75ae4d6459bcac0e2c4f424fbaac-467b2fe907555d15-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:15+00:00, 2024-05-06T16:05:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285

178.253.29.51

200 OK

141 B

URL GET HTTP/2
1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
141 B (141 bytes)
Hash
bd9be2fa89d26e9e6f1b2e08ffcd0ed6
90eae25ee792254c7ca97e98c5782078f9bdc37f
c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1920; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 1191
x-request-id: 7f83d05d90731c813a539137998cc558
x-request-guid: 7f83d05d90731c813a539137998cc558
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.6920566558838, wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js

185.244.209.62

200 OK

999 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Size
999 B (999 bytes)
Hash
b44bc16cd2630bfada5ec9cbdbfcafab
43918946155d48f6cc8ecba42e2cf2cab28debd7
189ec6fd8e44cc47498706a2d2c815da1dc255040ef5ef57f5faa7c10c05ae42

HTTP Headers

GET /_nuxt/desktop/default/DC-7e6a4aad.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3e7"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cee06f83fabd72cedec1a337b0d3a161-7ac0a67769261dfe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:01+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css

185.244.209.62

200 OK

178 kB

URL GET HTTP/2
v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
178 kB (178092 bytes)
Hash
512ee69b18e98077cb9c656b7c39b1ed
96db3c187704ad454d261ca5739f78ac2d83fe96
be096c8357d7dddceb92c470137e37436cd88bf1a3bef8e463fc2d71ff6abca5

HTTP Headers

GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b23a6ebabc29d30ee43e15ed6fa69417-cebe20d5e26b6455-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-05-07T14:49:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
fa0f66cea71129b8d39012945beba8af
1b7c67c3fccdd59ef832583fc7a6b1411100ab85
09510c51a3725f41b2898b022641d4aabf747d8e3f8d2d8757f46287bc292851

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Content-Type: application/json
X-Lang: en
X-Uuid: 57814f3c-418e-45c1-93b0-eefb613f5be9
Content-Length: 81
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1920; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js

185.244.209.62

200 OK

1.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2425), with no line terminators
Size
1.6 kB (1577 bytes)
Hash
3a0e4a54185bcc66d2e032dd30a385eb
627755ca54def0761f25f827d5b4cb483e1ca83d
e0bc5ffed1e6fd6285fea94e991fa8ec48a5f17677519c766d7ee7e757a02239

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-d4a24bae.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 1577
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-629"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a0c8efadab3b40d234889c1c25e72225-bc309535c31bfd52-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:52+00:00, 2024-05-07T11:19:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
1.5 kB (1451 bytes)
Hash
0cc9277dab4117c9b162cc01e1f0b97f
5b7d9007e2d99d3715c5f226aadf44aa4da4332b
6d7637a83c7812813039573e9c67efbb30e4021a971c546621a397eb72ea4bd0

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5ab"
content-encoding: gzip
expires: Wed, 08 May 2024 08:42:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7dc6851989071a071cd874a159452037-9229e3fa73110b67-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:42:00+00:00, 2024-05-07T09:23:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

200 OK

459 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: text/css
content-length: 459
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cb"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:30 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1d5bb7059f02d1b4938d0a393e4bc7ba-1ffdd01881328c3e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:30+00:00, 2024-05-06T15:37:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16831 bytes)
Hash
45302df89a240c65824afccc0240c030
84573118a402aa9a4ee0321ccf3f914c438a8369
25b695450684f580508f24855ea2d181ecd499e26573010621dd4a2ddc5af16a

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-233f5bf5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 16831
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-41bf"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-06T14:32:16+00:00
traceparent: 00-70bb36dc1f7bc3fc972681eb640dc624-b6323d53098c6b3e-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7000), with no line terminators
Size
1.5 kB (1486 bytes)
Hash
f379bc6f4b94f34d96f6fe51159bee63
f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60
b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: text/css
content-length: 1486
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5ce"
content-encoding: gzip
expires: Tue, 07 May 2024 14:34:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ae7173d9bb749a89594673955db65544-0aaa127528083063-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:34:32+00:00, 2024-05-06T17:08:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4726 bytes)
Hash
fda91a0dd5e8251a0c4c540d7e54ed52
3c4a6e38286708cd62ff071ccf97e73f37200728
b3c3c2ee09cf4af0164878165cd9971fbfe83a461c18ad0ef7cfc33b36b782ef

HTTP Headers

GET /_nuxt/desktop/default/betting.media-64ed71be.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 4726
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1276"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-06T14:32:16+00:00
traceparent: 00-b4c14d048a29877f8974fa2a7d1b5c20-4e45a773bdb9346e-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.51

200 OK

176 B

URL GET HTTP/2
1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
176 B (176 bytes)
Hash
ac86deb03def477abf768a8455c8aa90
87bbc45a47946c01a6f494da652c5b1940e4a62c
6a19047f1e73a26daaac3ec171356c005d39984c931de6c0c0b4184ade05c55b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: application/json; charset=utf-8
content-length: 176
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

1xlite-461430.top/session-api/sessions/user

178.253.29.51

200 OK

16 B

URL GET HTTP/2
1xlite-461430.top/session-api/sessions/user
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.9819736480713, wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.51

200 OK

2 B

URL GET HTTP/2
1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=9.92, dt_total;dur=11.103, wf-uht;dur=0.019
traceparent: 00-af0734d4e3b70128581c10a1c35e7110-e54dd7ea0bac89ba-01
x-dt: 285
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg

178.253.29.51

200 OK

263 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
263 B (263 bytes)
Hash
28e2c161800b61b985a163f5c492ae51
8845ea940210b4ccb195cca855a598e6aaa58ed0
77c93c24e4eb0f8815a7526d405818c9a38ba6e4317f1fee588fffbc00cb17de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg

178.253.29.51

200 OK

296 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
296 B (296 bytes)
Hash
b1bf63d00887bb0354e9d89c7d790a01
2d64ab25c9afff682abd6732f62ba62a197e972b
a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg

178.253.29.51

200 OK

506 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
506 B (506 bytes)
Hash
9c340eae608db0c25657b4a73d769afe
988fbf333a2e9290211cd9e6b7c98c59719012b0
b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/checker/redirect/stat/run/

178.253.29.51

200 OK

14 B

URL GET HTTP/2
1xlite-461430.top/checker/redirect/stat/run/
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-03T07:12:40+00:00
traceparent: 00-7d2eb0736adcb6152a3016110f3d8a41-0db45ed513b0bcdc-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/52cc6f804124.js

185.244.209.62

200 OK

715 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/52cc6f804124.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (714)
Size
715 B (715 bytes)
Hash
d7b02290885764ec0258b7a672ae3a9b
11fe57a2571848f4f07d56f19644ff3076f762d3
c66e02ef36f7b73f85a025fd87d2efeedd661a0fdf1efb46fb98190ad00a33b6

HTTP Headers

GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/52cc6f804124.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
content-length: 715
last-modified: Tue, 07 May 2024 14:08:15 GMT
etag: "d7b02290885764ec0258b7a672ae3a9b"
x-amz-meta-mtime: 1715090739.536183414
expires: Wed, 08 May 2024 14:12:33 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:12:33+00:00
traceparent: 00-03ea4cfda5f45dfd8a14988788672e8a-227c641d4ca0f2ac-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/26a83e840499.js

185.244.209.62

200 OK

504 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/26a83e840499.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (503)
Size
504 B (504 bytes)
Hash
a360f35393be0ea4dcc9fd14523f01f7
50c77f70f871224399ad46784749bb4cb583a439
f45e605081d025648a731b46220356191e8accf3f7ea89374c4ddf6cfb5ce577

HTTP Headers

GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/26a83e840499.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Tue, 07 May 2024 14:08:15 GMT
etag: "a360f35393be0ea4dcc9fd14523f01f7"
x-amz-meta-mtime: 1715090739.528183352
expires: Wed, 08 May 2024 14:12:33 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:12:33+00:00
traceparent: 00-900520f12a782e710a711f0203123e21-8eef5280ccb5d926-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

172.64.148.184

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:54 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
age: 1433
expires: Tue, 07 May 2024 19:14:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802298f8f8a56bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js

185.244.209.62

200 OK

169 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
169 kB (169175 bytes)
Hash
b5a597dcd765a913eb9a9fe1a8262b50
d6a2d93f8a19d4186f45ec7741693fe840812171
6a43c273d62e4c9651b3cc5cb4fb81fff8242dbcdcd351ee6236740e1c3bfc01

HTTP Headers

GET /sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 14:40:26 GMT
etag: W/"138de5d55ee831195dd90bbf5c557926"
x-amz-meta-mtime: 1715006282.054749806
content-encoding: gzip
expires: Tue, 07 May 2024 15:18:13 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-555b9b4e71daec5cec4fe0b4bab0ec13-88ef0f9f3038208c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:18:13+00:00, 2024-05-06T15:55:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

172.64.148.184

200 OK

108 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
108 kB (108258 bytes)
Hash
e7df9657eff9b95f1ef6463cfc41730e
0da482f10789c69a08a1d7a04d4b1917a0f42423
7f2dc570cd7c62b9ab89b46ec69c8f9d15d8a654254096ecc268246e00aceca0

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 596819
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b580f56bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js

185.244.209.62

200 OK

45 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
45 kB (44573 bytes)
Hash
7eaa7333cb0e6eb28834ceafcb663c82
f3179e86265a2806c8b303c03da21a9fc317c213
04917b819d7e0c6d13197a4d2fc249118cca285edcb4d51e2aa07553a8743372

HTTP Headers

GET /sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 14:40:26 GMT
etag: W/"598d5481ac96b9bf8013b0eb1413b8e5"
x-amz-meta-mtime: 1715006282.054749806
content-encoding: gzip
expires: Tue, 07 May 2024 15:32:23 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-54943e001d01554ae05bcc2914526469-b647733fc07c74d1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:32:23+00:00, 2024-05-07T12:56:57+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js

172.64.148.184

200 OK

104 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
104 kB (103479 bytes)
Hash
32881fa1467756d2c456dc0f42dc58c1
a895e45488d9c5ce48d4ce07352abc3331c12b83
46a00b88632d3fb8fc3079cb4ee6566de016a50ecda32dd4c017c23381d2bf36

HTTP Headers

GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 596819
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b580956bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js

185.244.209.62

200 OK

114 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
114 kB (114128 bytes)
Hash
38c14faaa9048db64ab7b3f8399bfe23
089ea64c0ed27a9e624ad9503d4dd05d1a6a4c7f
4f15055bea3bef2900585691426aacb654ffa44a8b035f20d4f202b9e8a98136

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 14:40:26 GMT
etag: W/"518e0ae196483ada8b528a1f2b7df0a1"
x-amz-meta-mtime: 1715006282.054749806
content-encoding: gzip
expires: Tue, 07 May 2024 15:18:11 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6510fa9f44faeccf0332070a8df6de22-65ef30e81907b627-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:18:11+00:00, 2024-05-06T15:53:14+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js

185.244.209.62

200 OK

401 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
401 kB (400762 bytes)
Hash
3279a8f761915390e61d806ba308c1e7
0df895346b9408ef1de33e857ceb8bda24158d0a
cccd1c348d52d22dcb32721d6b373776ec2839c5976004b45cc7bd10c6d5a75c

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 13:05:33 GMT
etag: W/"701ad5a22b8ea7213a53e334d0898349"
x-amz-meta-mtime: 1715000580.880463816
content-encoding: gzip
expires: Wed, 08 May 2024 12:42:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c6942c5460ae5a2b74b8289be20589dc-895f3a2fe0f7193b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:42:07+00:00, 2024-05-07T12:51:04+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-sm.png

185.244.209.62

22 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-sm.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 300 x 384, 8-bit colormap, non-interlaced
Size
22 kB (21826 bytes)
Hash
f3d658114fabe920924c0a04006c99f3
fb2c771f18f033e15518b9613f125d8c6b5974fb
6b6238d18444d496485e783e1b1390ee8d05d15a2faa433e12db43e97c180487

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-sm.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 21826
last-modified: Wed, 15 Nov 2023 08:09:45 GMT
etag: "f3d658114fabe920924c0a04006c99f3"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-21T21:05:05+00:00
traceparent: 00-949a9869cf75973d57190c48bde13f36-139157f94cddd481-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal.png

185.244.209.62

84 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 954 x 631, 8-bit colormap, non-interlaced
Size
84 kB (83859 bytes)
Hash
0212b288b8e42c03fb5c998703979369
e0c97fdddabd92ec8b2c75921424ac35ee479021
fc3b7b016ef8f586b9030601f492e2768aa7fa081f7de7284e501aee8909da05

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/bg-modal.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 83859
last-modified: Wed, 15 Nov 2023 08:09:46 GMT
etag: "0212b288b8e42c03fb5c998703979369"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-21T21:05:05+00:00
traceparent: 00-7a6f659243e9740ed410e2467cf3fed4-98d5a41be01aed61-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-md.png

185.244.209.62

33 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-md.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 640 x 241, 8-bit colormap, non-interlaced
Size
33 kB (33159 bytes)
Hash
35a6fc3c5e3c0a8a2edf0afb5f11ae51
d7b150e5d8bda4159c3d8df6cc97bc14aa911faa
ff9d73e0cdc7fb6abc3ba688fd99c2c4fa02db23a12367645bdab3e0aa39e605

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-md.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 33159
last-modified: Wed, 15 Nov 2023 08:09:46 GMT
etag: "35a6fc3c5e3c0a8a2edf0afb5f11ae51"
x-time-ng: 0.079
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-21T21:05:04+00:00
traceparent: 00-d02eedfb950b66f5c5e716403e2fe866-68cd7b6718830fc0-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/not-available.png

185.244.209.62

741 B

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/not-available.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 30 x 34, 8-bit colormap, non-interlaced
Size
741 B (741 bytes)
Hash
20dc9615d00d0b41d165bbd81d27d4eb
15fedf85f294dd472d60a160c7c8f42e23beec3b
a06cb168275016f3ef9855789fab4e1573abf0be0b6ae6ba3f8a886922ca11be

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/not-available.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 741
last-modified: Wed, 15 Nov 2023 08:09:40 GMT
etag: "20dc9615d00d0b41d165bbd81d27d4eb"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-21T21:07:33+00:00
traceparent: 00-c0ae110bd0d3a6d75997706a9f7926bb-ffe341992e6d9117-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_buildManifest.js

172.64.148.184

200 OK

11 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_buildManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
11 kB (10930 bytes)
Hash
c3f5edd2e3599a47d893536ef3a1abc0
504931e1f833fb6f87c481ee1568bb42db666d1d
e64091fc247dd922b99447b79bd051d8e85f69ae70c146b3add602999e83c08d

HTTP Headers

GET /_next/static/f385e6db/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"207-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 461237
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b581c56bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-modal.png

185.244.209.62

11 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-modal.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 664 x 333, 8-bit colormap, non-interlaced
Size
11 kB (10844 bytes)
Hash
f272ce9226c4d2cce4f29804ad2e67a8
902035422d3dd02a9f47518802b1dede2dd4f8e0
efc060941ecc035adf117291c5f630d8a27cb789d02d52701d50be93dbef424d

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/coins-modal.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 10844
last-modified: Wed, 15 Nov 2023 08:09:42 GMT
etag: "f272ce9226c4d2cce4f29804ad2e67a8"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-21T21:06:54+00:00
traceparent: 00-be86875c6ed42ef2af57d6d16e2293de-e8d6b1851bbd7ecd-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-md.png

185.244.209.62

11 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-md.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 473 x 411, 8-bit colormap, non-interlaced
Size
11 kB (11398 bytes)
Hash
584e5721ed6fc7ff490fcacad2c29b72
543580f66fff7a05f601940dc98c9867046277d7
0c31fd6c2f8f4212c78bf42f3e8f03bce2162ad85578502c304bb50e5d3038b4

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/coins-md.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 11398
last-modified: Wed, 15 Nov 2023 08:09:43 GMT
etag: "584e5721ed6fc7ff490fcacad2c29b72"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:27:55+00:00
traceparent: 00-ade98e29d406d16c5e1cbb823f198181-4dd9d0dfc4e7b2a5-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-tab-1.png

185.244.209.62

14 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-tab-1.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 1011 x 317, 8-bit colormap, non-interlaced
Size
14 kB (13616 bytes)
Hash
bfe95965feeb258fb926212928c91895
fede9c24a1dee9664827472c899884658f75a0b6
05c04cc3cc3a29421f493fbc1632f4b4df60e45849d4b1ee1edb215958660eb1

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/coins-tab-1.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 13616
last-modified: Wed, 15 Nov 2023 08:09:42 GMT
etag: "bfe95965feeb258fb926212928c91895"
x-time-ng: 0.018
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:17:39+00:00
traceparent: 00-62eaff94fabe580406db43cc6b49db42-c8d30eba52a64eeb-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

172.64.148.184

200 OK

45 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
45 kB (45166 bytes)
Hash
3aae87e03460bb113e566efb2c2e342e
624edba45624709501e6d2318147a1fa44ef76f5
90c4c5d11bfda45d7aa63e787596431691aa241db7daf543dc66832ce7c94378

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"8f42-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 600881
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298efe6856bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-bottom.png

185.244.209.62

8.5 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-bottom.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 631 x 101, 8-bit colormap, non-interlaced
Size
8.5 kB (8530 bytes)
Hash
30d68039c4aa17eec5c6851592d09b3a
3efe06ebf6246ea1038b237f06d512dfd5a895e0
f81eabacc8b5e0cf41de56a7d177f5e1848bb5be563f4b98a3e6ebbaa4cb69cc

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/line-bottom.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 8530
last-modified: Wed, 15 Nov 2023 08:09:41 GMT
etag: "30d68039c4aa17eec5c6851592d09b3a"
x-time-ng: 0.004
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-24T23:53:39+00:00
traceparent: 00-9f6e4f7fe2e3f586fe2d4a3561374abf-e9e3824242498dd8-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-modal-bottom.png

185.244.209.62

8.4 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-modal-bottom.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 662 x 99, 8-bit colormap, non-interlaced
Size
8.4 kB (8432 bytes)
Hash
fbc8c4ca00e2ca9e3932ef3178152748
94d32d9a2d617636044e46a337b035def017ee72
6163a56401f7b0a01bd8cb02b8c6135a58b8ceaf22543d63c790364dcb45f316

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/line-modal-bottom.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 8432
last-modified: Wed, 15 Nov 2023 08:09:41 GMT
etag: "fbc8c4ca00e2ca9e3932ef3178152748"
x-time-ng: 0.079
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T12:55:16+00:00
traceparent: 00-4223bdf0abccab628544948cbde97c67-bb7b00ecd0428cd3-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person-md.png

185.244.209.62

38 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person-md.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 340 x 698, 8-bit colormap, non-interlaced
Size
38 kB (37957 bytes)
Hash
ea62ce421290b849807ba3479204f22c
def98e2b2d888cc7432b803b89777899ea85ed83
d3321878900eab952b8517763d060c22f3a33b1509dbf1a5b4e6461c19868346

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/person-md.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 37957
last-modified: Wed, 15 Nov 2023 08:09:40 GMT
etag: "ea62ce421290b849807ba3479204f22c"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:27:58+00:00
traceparent: 00-814e862ad04dd44629f813547d47fb7c-27ab627f0626df6d-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-md.webp

185.244.209.62

11 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-md.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
11 kB (11170 bytes)
Hash
386bde2102de14d58339c852bd38e06a
49bb599bbe5c06d537890cbb2940ab38840258bf
4695fcc638997d404d69d39badf6f480a69addb9d6be026d4a58016f24db7930

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/coins-md.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 11170
last-modified: Wed, 15 Nov 2023 08:09:43 GMT
etag: "386bde2102de14d58339c852bd38e06a"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:58:24+00:00
traceparent: 00-0d18ddf35891c1f8f26995f8010d9066-5d0f855de75b6720-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/injector.js

172.64.148.184

200 OK

908 kB

URL GET HTTP/2
widget.suphelper.top/injector.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
908 kB (908192 bytes)
Hash
efe482bf18be479e792e9c92db01fe14
04136cf4c3823ba84d24363ea0f2e7c29e93ff6c
cccbdf1073f586d06df95965d354267ae1a11c458b4289fc36478caef8c87e1a

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:52 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"32e7a-18f381bf77a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 24
expires: Tue, 07 May 2024 19:14:52 GMT
server: cloudflare
cf-ray: 88022988dbf456bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.webp

185.244.209.62

8.6 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.6 kB (8550 bytes)
Hash
732ba048fd5210acc34a16b9cb695a81
d5b729ae66784afcdf482904634152e23c9112bb
ca91019b23d93d2a2c16ea5cf93b4ac60376c9dc40dad19bd2886cf185b4a6c5

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 8550
last-modified: Wed, 15 Nov 2023 08:08:24 GMT
etag: "732ba048fd5210acc34a16b9cb695a81"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T15:08:38+00:00
traceparent: 00-c1d046e8d6aa324205873276348ca13a-8c816cbf9b719fff-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-top.png

185.244.209.62

7.6 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-top.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 631 x 92, 8-bit colormap, non-interlaced
Size
7.6 kB (7625 bytes)
Hash
65178f3b0a19c75d64d24f22e047664f
5d1f08431e1a60f0d256937ecff6d119c8bdc832
53b9fa530ad8441d60fe627acd4f66720a0479327258df2f9d4dc241315af97a

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/line-top.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 7625
last-modified: Wed, 15 Nov 2023 08:09:40 GMT
etag: "65178f3b0a19c75d64d24f22e047664f"
x-time-ng: 0.067
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-24T23:54:02+00:00
traceparent: 00-5c22de6086a9677e44f656e8203cae76-7494ad421c12df97-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person-tab.png

185.244.209.62

93 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person-tab.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 457 x 1091, 8-bit colormap, non-interlaced
Size
93 kB (93196 bytes)
Hash
c8445d93b49f947b0e199766f004a175
f7c88fa271b38e44b299ac4c1bc59c306838aed5
0c0ef066ad6e3103440de2df8eaec11c041bdb02777e641557b78151a6194ae2

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/person-tab.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:55 GMT
content-type: image/png
content-length: 93196
last-modified: Wed, 15 Nov 2023 08:09:40 GMT
etag: "c8445d93b49f947b0e199766f004a175"
x-time-ng: 0.047
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:57:13+00:00
traceparent: 00-d4b8ea2e9819646d18087274217b2ff8-39bb3fd921a2522a-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-modal-top.png

185.244.209.62

8.4 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-modal-top.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 703 x 99, 8-bit colormap, non-interlaced
Size
8.4 kB (8393 bytes)
Hash
2bf563655f552a5c41e55847e35b5dc9
c0d20ecdd7f2d7c1ecda173913372ce5a22897cb
fc019808675fc2cc1fe86582b803a9ffbc3046b190f94869833d6c36eab73679

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/line-modal-top.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 8393
last-modified: Wed, 15 Nov 2023 08:09:40 GMT
etag: "2bf563655f552a5c41e55847e35b5dc9"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T12:54:39+00:00
traceparent: 00-4e6706886450e62a3686110c763ea34a-0670d936eca3a4fe-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person-tab.webp

185.244.209.62

86 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person-tab.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
86 kB (85822 bytes)
Hash
2b31876239d7477574e1f6c28e9226b8
2f0aaab7061b5268da322768b7bb9e2ee4849cda
dec68c7ee18d3f0739456ec1f96edec787d39e2b0d67683eca0d537c15bcde41

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/person-tab.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 85822
last-modified: Wed, 15 Nov 2023 08:09:39 GMT
etag: "2b31876239d7477574e1f6c28e9226b8"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:57:17+00:00
traceparent: 00-30d7fd111b8379732e50ecf5a00d48e5-20b10fb51041c466-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.png

185.244.209.62

42 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 508 x 490, 8-bit colormap, non-interlaced
Size
42 kB (41966 bytes)
Hash
14cf7dd6b977a86820688da92be750e7
2a1f5759ce2398b0b52b2807cdf8ddf5e38a019c
a75eccad428fa865346dacd05d2dc89a5eda9de0ee5d9b292f943cbe33fd1940

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 41966
last-modified: Wed, 15 Nov 2023 08:08:28 GMT
etag: "14cf7dd6b977a86820688da92be750e7"
x-time-ng: 0.004
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T15:13:22+00:00
traceparent: 00-8462f2f156a5456a0ce80cfdeee735e5-83957ce6cdc24315-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-md.png

185.244.209.62

22 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-md.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 344 x 345, 8-bit colormap, non-interlaced
Size
22 kB (21981 bytes)
Hash
5480c9459e1e9e02874f8302f2ce028a
45067ece8decc72463f568c9745495c31710f18f
30c6edd2790a05b416072aad2afc01b5524aae9b6cca9a89fd73cceb4268ff65

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-md.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 21981
last-modified: Wed, 15 Nov 2023 08:08:25 GMT
etag: "5480c9459e1e9e02874f8302f2ce028a"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:57:14+00:00
traceparent: 00-8f1477fce9e05705ceb9c5f168f3f9e2-e77855e5fc268382-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light-md.png

185.244.209.62

13 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light-md.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 302 x 302, 8-bit colormap, non-interlaced
Size
13 kB (13394 bytes)
Hash
5fbe7fe2d6477f6381307e8b8e205146
487e50d6f73609791fe027b3355d9dea07fe0f2c
054bdc3abb0033c9328a4a1b5223b283349555fddb35f442e5aa21b847ed434d

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-light-md.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 13394
last-modified: Wed, 15 Nov 2023 08:08:22 GMT
etag: "5fbe7fe2d6477f6381307e8b8e205146"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:28:00+00:00
traceparent: 00-f90c49b97d30d63d9ca4e5424fa77723-9166ec4abd82d6cc-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/blik.png

185.244.209.62

1.3 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/blik.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 103 x 56, 8-bit colormap, non-interlaced
Size
1.3 kB (1277 bytes)
Hash
9a901afc44d0db8d99560f5fdeac9cd3
c4f63f282c334a0af06fcbf4f10275d3be7b9f87
11f7f4511af8fe7d6292e340517376d7fa7850153dee5953007fe68d21f92f57

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/blik.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 1277
last-modified: Wed, 15 Nov 2023 08:09:43 GMT
etag: "9a901afc44d0db8d99560f5fdeac9cd3"
x-time-ng: 0.045
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T13:17:53+00:00
traceparent: 00-b6b5c104b12566f30a118c92cda3d155-c24c85302af402a0-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-tab-1.webp

185.244.209.62

12 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-tab-1.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
12 kB (12430 bytes)
Hash
6d8b79282ea938ebc164543780bf6c95
b6d2d84a6848483f92def2ebbe42b2f3e0ae649b
30aae6f5426e82f3124451d70a82798d1b3d0da5066ed6b0ba29d1158988b963

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/coins-tab-1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 12430
last-modified: Wed, 15 Nov 2023 08:09:42 GMT
etag: "6d8b79282ea938ebc164543780bf6c95"
x-time-ng: 0.046
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:28:01+00:00
traceparent: 00-74dca8f405d111092bc739a3b2cbdfdf-e390d7f2390c624f-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins.webp

185.244.209.62

30 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
30 kB (30308 bytes)
Hash
afeb21e89500b7d2f76c11e9c26db33a
1f1aeba726915f8183b9bafa4666008827f4ed6f
989c6db4825fd3d9f125a7915c07de6a672cf08b971c0e60593a1ff192101cf4

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/coins.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 30308
last-modified: Wed, 15 Nov 2023 08:09:41 GMT
etag: "afeb21e89500b7d2f76c11e9c26db33a"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:28:01+00:00
traceparent: 00-243b57e7d2001c5264d5c07a0d09ca84-05cc3337c744bcdf-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg__desc.webp

185.244.209.62

118 B

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg__desc.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
118 B (118 bytes)
Hash
b58d632409efb03916cfef3229576c55
c2fb66483c899f427b0354d52b080ce8bb6b47c4
b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/bg__desc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-572a307f4e5a7fae576de86d90eb3677-68a87f286b51477e-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light.png

185.244.209.62

36 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 604 x 604, 8-bit colormap, non-interlaced
Size
36 kB (35620 bytes)
Hash
2b4eba7f5f5cc445fdb5f527787b5035
62a02ab999f211485a86432d7bf77a19a2cee01d
b9e2a1998ff9b48d5f5f32e5edded584d326abd3586cd44bfdae0ba0429ec944

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-light.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 35620
last-modified: Wed, 15 Nov 2023 08:08:23 GMT
etag: "2b4eba7f5f5cc445fdb5f527787b5035"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:34:35+00:00
traceparent: 00-582ff9d500b73c04850cdaf55064119e-74fc60b4d319ad99-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/7cf92a6ad5dd.css

185.244.209.62

200 OK

19 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/7cf92a6ad5dd.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
19 kB (19418 bytes)
Hash
4afd400c959979c5c8aea520cccee533
3dd0aae9401e0cb17de92556b5a25bc9c103fa52
88e013aa0b49784b53f29bd97df256af3d5717519aa74cf23a1a43d9c5e8ae14

HTTP Headers

GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/7cf92a6ad5dd.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 07 May 2024 14:08:15 GMT
etag: W/"bac057f37c069276bd125b5d58da8733"
x-amz-meta-mtime: 1715090739.536183414
content-encoding: gzip
expires: Wed, 08 May 2024 14:12:20 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:12:20+00:00
traceparent: 00-062c1ce8e24bf1e2016caa139e2d27c0-12bfbc139fd8becf-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-131019888-1&l=dataLayer&cx=c

142.250.74.168

71 kB

URL
www.googletagmanager.com/gtag/js?id=UA-131019888-1&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
71 kB (70773 bytes)
Hash
604bfb01bd6f0e17327782aefb8e36b9
6262a7ffbc3150056a876815894a06810c60d8a9
dfe9f521b94b9fac30baac5a9b630026032cf1461c5a86cd503cb7dd8bcd2753

HTTP Headers

GET /gtag/js?id=UA-131019888-1&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 15:14:56 GMT
expires: Tue, 07 May 2024 15:14:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70773
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.webp

185.244.209.62

44 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
44 kB (43722 bytes)
Hash
01419e8765b9a2155475a1a4d5c5f050
4ac00539264029113306ed95e7317e500a173780
d9f068635bbc801f2831512588121de1e5acdc5c48c6c2d0a317b914d36c7aaf

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 43722
last-modified: Fri, 15 Dec 2023 11:22:27 GMT
etag: "01419e8765b9a2155475a1a4d5c5f050"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:57:17+00:00
traceparent: 00-9fd3b5027b00f08743d6ee7f393ec6ca-11d3e132c3284b6c-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.png

185.244.209.62

49 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 345 x 345, 8-bit colormap, non-interlaced
Size
49 kB (48850 bytes)
Hash
76e616589092e2a075a2f9ef294e66b0
712cbbfd77a0d429c981efafa38c68bb53546f39
89008b1fcf47490063c1cc59004a2895af55ba57e9bf166713ab1473903712d7

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 48850
last-modified: Wed, 15 Nov 2023 08:08:25 GMT
etag: "76e616589092e2a075a2f9ef294e66b0"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:28:00+00:00
traceparent: 00-85434a40cbc36cda53cbacf0911e9435-dbc1e4317b57c610-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner.webp

185.244.209.62

14 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
14 kB (14290 bytes)
Hash
f502eacdec6ffdf0ddf5210a4999ac15
a78dfce0d1a01deb7b78bf1555e61690545fad6b
d760731175f9c7bf1f5bd8c425fda80462c39e4586119370411e5485a97cc929

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 14290
last-modified: Wed, 15 Nov 2023 08:08:24 GMT
etag: "f502eacdec6ffdf0ddf5210a4999ac15"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:57:18+00:00
traceparent: 00-63e9fa9ec700abd2a90db114ca489b07-382359ca59d6b57c-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-btn.webp

185.244.209.62

4.1 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-btn.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
4.1 kB (4104 bytes)
Hash
588f3b952822319125d8a21cb3e21469
4c46b0913dfb859fbfe3266b97ef65eea094dcaa
afeee16776a05a2b85a4f244c582dcb1b096ba141f000627a7e1563160ecdbdc

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-btn.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 4104
last-modified: Wed, 15 Nov 2023 08:08:28 GMT
etag: "588f3b952822319125d8a21cb3e21469"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-02T10:23:21+00:00
traceparent: 00-71a5e6b8fe7df58c4c2c35d3bba5ced5-1e168825b5522603-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner.png

185.244.209.62

76 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 687 x 689, 8-bit colormap, non-interlaced
Size
76 kB (75745 bytes)
Hash
ba4739c3bfd31e5b6f1270c3f8e55f6c
ba0a2bb1ac255a9ba8fa73db6d9366897c0ef4c7
593723276ba15f7651302477014bbd9873a13dd0d8b4cd3de97db20287712884

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 75745
last-modified: Wed, 15 Nov 2023 08:08:24 GMT
etag: "ba4739c3bfd31e5b6f1270c3f8e55f6c"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:57:14+00:00
traceparent: 00-252fb142e2c373479784876c309e6de7-eea52edbf84f2411-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person.png

185.244.209.62

128 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 679 x 1396, 8-bit colormap, non-interlaced
Size
128 kB (128051 bytes)
Hash
3eca2e5366710fc3f2f799e00986927b
9d372c52d999396e39fb4b5c9b8fff4cacbefff9
29ee5fb61866f6d5afc908865cfa812d0e6050f5684ba33849a7714f324a0d3f

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/person.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 128051
last-modified: Wed, 15 Nov 2023 08:09:38 GMT
etag: "3eca2e5366710fc3f2f799e00986927b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:57:13+00:00
traceparent: 00-ce44ac01117f40695283672e9e90e8f3-a0f4b0b71cc004b5-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light-md.webp

185.244.209.62

17 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light-md.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
17 kB (17374 bytes)
Hash
386e2b6405329591c3528dc854b1bcd5
029f4b2de40e7f67778b3cdb020cb6fb2c88411b
9ae570ff70b272591fe9643cf539340c177db56599cc30b9ada0016d9e3fdd66

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-light-md.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 17374
last-modified: Fri, 15 Dec 2023 11:22:27 GMT
etag: "386e2b6405329591c3528dc854b1bcd5"
x-time-ng: 0.049
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T14:28:04+00:00
traceparent: 00-f58633e4147c3285c1a1fef6137ed8eb-47dc5bffd1f4669e-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external.png

185.244.209.62

211 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 1016 x 980, 8-bit colormap, non-interlaced
Size
211 kB (210956 bytes)
Hash
0d6d5e8b177cb328e9929bbd949d7f4f
02dcde0ab126cd56705cc1da52cf277ebce5eb73
0e81d0c29d2493b98ce6e336ce30215a39995f4a6d900333df7b6bd7d01e5ee0

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-external.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/png
content-length: 210956
last-modified: Wed, 15 Nov 2023 08:08:28 GMT
etag: "0d6d5e8b177cb328e9929bbd949d7f4f"
x-time-ng: 0.104
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:57:14+00:00
traceparent: 00-bd31443f11cb6edfb01d1249cecedd0f-13861ba22a13712a-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person.webp

185.244.209.62

104 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
104 kB (103654 bytes)
Hash
744d3d08cbd126d56242095da9c56b37
bbd86ca9a1b7a4db623255731f4ec9c9e6a5eae3
2aef83bfe4bd2976deb730c5b892f4b95a4fe74d328b65a35d610cb7aeb3e872

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/person.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 103654
last-modified: Wed, 15 Nov 2023 08:09:38 GMT
etag: "744d3d08cbd126d56242095da9c56b37"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T15:08:38+00:00
traceparent: 00-ed349bf22119cdaca2d7b18a2cefdc27-a608c52ca90b7d9f-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external.webp

185.244.209.62

192 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
192 kB (191936 bytes)
Hash
d1a1bf3175394f1b5480727d951f9144
f3840ae9f328ac04f31e3b4bb90f8b6c4758ee89
7c9fb1f84cfec05795dacbfbdcda39b58b0a9ea7064bb11766b519a10c29249c

HTTP Headers

GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-external.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: image/webp
content-length: 191936
last-modified: Fri, 15 Dec 2023 11:22:27 GMT
etag: "d1a1bf3175394f1b5480727d951f9144"
x-time-ng: 0.104
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:57:17+00:00
traceparent: 00-a9acd11d99226b5c7252ec57cca1020a-aeded4cc8ca60d81-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json

178.253.29.51

200 OK

884 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
884 B (884 bytes)
Hash
c2eb16bc46aea587d16e3eb8bff889ad
ed5e1e8dfaf6a7f9d067aed73191d522d71f6510
37c40a123ec6f4f9ebd9f26e2ccb1df2cfbfb98cee84ec03bb6153e6351590b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 884
last-modified: Thu, 31 Aug 2023 12:36:01 GMT
etag: "c2eb16bc46aea587d16e3eb8bff889ad"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json

178.253.29.51

200 OK

473 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
473 B (473 bytes)
Hash
e67aa19ef00fd2285c7b4ecbb6018306
5b01d4786d6fbfbd5de7901eb4359a55466f434a
135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 473
last-modified: Tue, 06 Jun 2023 13:22:27 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json

178.253.29.51

200 OK

846 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
846 B (846 bytes)
Hash
730bd58f457e46b6ac3b9f6028a8e162
79d4e964a4de0e58973705ff75bd01d22dd163e5
e167d372543fa4e7e3b4c8a17f67dbfb6a60adc1371ae5c7e7e8ebff97829485

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 846
last-modified: Mon, 07 Aug 2023 13:49:51 GMT
etag: "730bd58f457e46b6ac3b9f6028a8e162"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json

178.253.29.51

200 OK

167 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
167 B (167 bytes)
Hash
03158ff80c6e448da55d5672eb032b77
fc39a273b30415c7431f21fecdc4a5bf2694c7e2
e584a61ab508b69c5b9a4ab2e4dd86e3b7e7094547c4739d048ab1f639a8025c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 167
last-modified: Tue, 22 Aug 2023 06:44:19 GMT
etag: "03158ff80c6e448da55d5672eb032b77"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ab7b4a1bc60033d1ee0be64d0074e4b0.json

178.253.29.51

200 OK

976 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ab7b4a1bc60033d1ee0be64d0074e4b0.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
976 B (976 bytes)
Hash
5004f1883be9a4a8985c93b9323311d3
3d2a8c62126da89fd84c27b59e816d27a3862e07
af74469643e07baba128bf91fdd87f0f255c8503fae04cb3d17961b600f0617d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/ab7b4a1bc60033d1ee0be64d0074e4b0.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 976
last-modified: Wed, 07 Jun 2023 08:08:57 GMT
etag: "5004f1883be9a4a8985c93b9323311d3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7V60YW2S5H&cid=1791400071.1715094896&gtm=45je4510v893859730za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1799425337

142.250.74.163

42 B

URL
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7V60YW2S5H&cid=1791400071.1715094896&gtm=45je4510v893859730za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1799425337
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7V60YW2S5H&cid=1791400071.1715094896&gtm=45je4510v893859730za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1799425337 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 15:14:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json

178.253.29.51

200 OK

543 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
543 B (543 bytes)
Hash
2f999350fc2eea344d910e8a01de406d
bcfeaa8fadc7ca87115d7e36c955bd0df504b8ad
c73c55fa3a522662241013a108e6043dd4cde3fbfa2be0ed4a4940582e26ed36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 543
last-modified: Thu, 29 Feb 2024 14:14:28 GMT
etag: "2f999350fc2eea344d910e8a01de406d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json

178.253.29.51

200 OK

822 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
822 B (822 bytes)
Hash
be781196159e458a9a157a93f6981363
54b5bb6ddb54aefb6dc1eeeab89afdf48079e959
71bf1763541ee0d4298863f03c291b09029668d448e8077518717b8810ac910f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 822
last-modified: Mon, 08 Apr 2024 09:13:00 GMT
etag: "be781196159e458a9a157a93f6981363"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json

178.253.29.51

200 OK

499 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
499 B (499 bytes)
Hash
e3d17d66f9e675ca9273e04470203275
e676da597ad577652921e9af98e79b986ec158ae
5c26acb3823aedc062268da24385061135d42171888bb5f5a0a8f63ba09c67d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 499
last-modified: Mon, 05 Jun 2023 14:13:26 GMT
etag: "e3d17d66f9e675ca9273e04470203275"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6cedaf252b67d0dbabeecb596db64871.json

178.253.29.51

200 OK

547 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6cedaf252b67d0dbabeecb596db64871.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
547 B (547 bytes)
Hash
b26a415353b83bc6b08c1cdab5caee2f
85c655b0c74e2a3f6bef230062f2dff910fc6e4e
5a17c23c2edc35555f543a1b5cc623d99383b384d0577d20352c1073439ef663

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6cedaf252b67d0dbabeecb596db64871.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 02 Feb 2024 08:24:16 GMT
etag: W/"b26a415353b83bc6b08c1cdab5caee2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.013
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json

178.253.29.51

200 OK

958 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
958 B (958 bytes)
Hash
24ec1c171afe6836881e2fba1ed559a0
588a08d22de446d484f8f51402994f37ff2527c2
a0c14f5476683e6eb7381c1820c0e914c02911ab9d24170e61548e661017f96f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 958
last-modified: Tue, 18 Apr 2023 10:33:32 GMT
etag: "24ec1c171afe6836881e2fba1ed559a0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json

178.253.29.51

200 OK

184 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
184 B (184 bytes)
Hash
36777c63209967831ddd2926e229b69b
7a59de3bd5fd0406a1becbd4fc6bdb49a996a0fa
c2087429233dc14f1ad96cf9b7d1f4ecf0f32fabab7fc37999644a488d10dbc2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 184
last-modified: Thu, 09 Nov 2023 06:22:56 GMT
etag: "36777c63209967831ddd2926e229b69b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7V60YW2S5H&gtm=45je4510v893859730za200&_p=1715094895230&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1791400071.1715094896&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715094895&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fpromo-frame%2Fen%2Fpromotion%2Fwheel-bet&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fpromotions%2Fwheel-bet%3Ftag%3Dd_2757227m_18607c_%26pb%3Dfc40969f4a5547868aa12f11866bc762%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26site_id%3Dfe58442c%26partner_id%3D7f99719f-6df0-4574-8194-8edfe800f8f3%26r%3Dpromotions%2Fwheel-bet&dt=Site&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2333

216.239.34.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-7V60YW2S5H&gtm=45je4510v893859730za200&_p=1715094895230&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1791400071.1715094896&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715094895&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fpromo-frame%2Fen%2Fpromotion%2Fwheel-bet&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fpromotions%2Fwheel-bet%3Ftag%3Dd_2757227m_18607c_%26pb%3Dfc40969f4a5547868aa12f11866bc762%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26site_id%3Dfe58442c%26partner_id%3D7f99719f-6df0-4574-8194-8edfe800f8f3%26r%3Dpromotions%2Fwheel-bet&dt=Site&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2333
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7V60YW2S5H&gtm=45je4510v893859730za200&_p=1715094895230&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1791400071.1715094896&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715094895&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fpromo-frame%2Fen%2Fpromotion%2Fwheel-bet&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fpromotions%2Fwheel-bet%3Ftag%3Dd_2757227m_18607c_%26pb%3Dfc40969f4a5547868aa12f11866bc762%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26site_id%3Dfe58442c%26partner_id%3D7f99719f-6df0-4574-8194-8edfe800f8f3%26r%3Dpromotions%2Fwheel-bet&dt=Site&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2333 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Tue, 07 May 2024 15:14:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json

178.253.29.51

200 OK

712 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
712 B (712 bytes)
Hash
338264fc869e8f0b86b0d6c9d92102b0
83b4d35816df0e1486b766251e74d23f28b77824
015355a44429f40dd63b566dd1e9b1b76af3dfa28dcd25a43e82820ba0847b8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 02 Feb 2024 08:33:56 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/bonus

178.253.29.51

200 OK

7.6 kB

URL GET HTTP/2
1xlite-461430.top/web-api/bonus
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
7.6 kB (7629 bytes)
Hash
7ae4e8cce7a1e0cb747eec504d0b9a56
c1774de52d91fe890499d94c6dafcaf32a032fde
9ec5756188b32c1bd163ae843df891cd6c73433c7429d06cfddb4f34528a77e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/bonus HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=234, dt_total;dur=236.290, wf-uht;dur=0.249
traceparent: 00-f4b90f31a5b8dd27e1887cd02506bf51-93b4164457e2c872-01
x-dt: 285
x-time-ng: 0.236
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7V60YW2S5H&gtm=45je4510v893859730za200&_p=1715094895230&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1791400071.1715094896&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1715094895&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fpromo-frame%2Fen%2Fpromotion%2Fwheel-bet&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fpromotions%2Fwheel-bet%3Ftag%3Dd_2757227m_18607c_%26pb%3Dfc40969f4a5547868aa12f11866bc762%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26site_id%3Dfe58442c%26partner_id%3D7f99719f-6df0-4574-8194-8edfe800f8f3%26r%3Dpromotions%2Fwheel-bet&dt=Site&en=scroll&epn.percent_scrolled=90&tfd=3164

216.239.34.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-7V60YW2S5H&gtm=45je4510v893859730za200&_p=1715094895230&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1791400071.1715094896&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1715094895&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fpromo-frame%2Fen%2Fpromotion%2Fwheel-bet&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fpromotions%2Fwheel-bet%3Ftag%3Dd_2757227m_18607c_%26pb%3Dfc40969f4a5547868aa12f11866bc762%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26site_id%3Dfe58442c%26partner_id%3D7f99719f-6df0-4574-8194-8edfe800f8f3%26r%3Dpromotions%2Fwheel-bet&dt=Site&en=scroll&epn.percent_scrolled=90&tfd=3164
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7V60YW2S5H&gtm=45je4510v893859730za200&_p=1715094895230&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1791400071.1715094896&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1715094895&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fpromo-frame%2Fen%2Fpromotion%2Fwheel-bet&dr=https%3A%2F%2F1xlite-461430.top%2Fen%2Fpromotions%2Fwheel-bet%3Ftag%3Dd_2757227m_18607c_%26pb%3Dfc40969f4a5547868aa12f11866bc762%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26click_id%3DGbjizwcgnzc4SQ1mj2DsfT%26site_id%3Dfe58442c%26partner_id%3D7f99719f-6df0-4574-8194-8edfe800f8f3%26r%3Dpromotions%2Fwheel-bet&dt=Site&en=scroll&epn.percent_scrolled=90&tfd=3164 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Tue, 07 May 2024 15:14:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store.jpg

185.244.209.62

200 OK

49 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x250, components 3
Size
49 kB (49253 bytes)
Hash
1c2fbcd07b32b9cb53fce335a61c25b3
49a90889c78c1a98157fa4f37784ed68c0923bfb
2537e87525f9f356342c592f4ed11dc54833c992f615cf0d7c4f56055908f7b0

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/promo-store.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/jpeg
content-length: 49253
last-modified: Tue, 16 May 2023 09:09:12 GMT
etag: "1c2fbcd07b32b9cb53fce335a61c25b3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9760234db3b8f01b37532e2166ab5e78-2cba002895245194-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:07:45+00:00, 2024-05-07T15:01:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.330/285/common.svg

185.244.209.62

200 OK

74 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.330/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
74 kB (73697 bytes)
Hash
28c9a01f742e2f5874d5e1758f310052
64028ab3c1b0922d840c1c6e7e65c1b7c2b495db
5449b8e6b4137816d16e6960c5ec9a87cb152d51568acc167ee533730438563e

HTTP Headers

GET /sys-icons/1.0.330/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 09:41:01 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713260458.134664491
content-encoding: gzip
expires: Fri, 19 Apr 2024 12:42:12 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5a5c5a72b01ae846347efee3aa394e9c-ce76c669899a7271-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:42:12+00:00, 2024-05-06T15:18:42+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.jpg

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, progressive, precision 8, 315x250, components 3
Size
47 kB (47326 bytes)
Hash
216a38d79f9477b9511e8d6e833776c5
c815c57cfd39b9c878cf00fba194565e2f9d83e2
57cbedf6644066e605c780a59efd060413a8a464ff8531fd9334dcd58a2a1658

HTTP Headers

GET /genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/jpeg
content-length: 47326
last-modified: Sat, 13 Jan 2024 19:54:13 GMT
etag: "216a38d79f9477b9511e8d6e833776c5"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ac18cde5bc11f8d03633c8d5f7db1bdf-eea3e524979c81ed-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-14T13:18:00+00:00, 2024-05-07T14:48:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.jpg

185.244.209.62

200 OK

44 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, progressive, precision 8, 315x250, components 3
Size
44 kB (43559 bytes)
Hash
c37fcadea18df30563df3801edbc452e
79ad3ca2442918aa4c8c7647e4cda21081eaaef3
f5cd0b9aff7d896d296fbca52989ef5e15c3ec075d94a08fc5cda37367325858

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/jpg
content-length: 43559
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "c37fcadea18df30563df3801edbc452e"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-8b396b137b79bae81e8df3cc5c3519bb-bb864370b664d740-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json

178.253.29.51

200 OK

36 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
36 kB (35815 bytes)
Hash
4ceca6711e35f002e5d82e7e710000c1
1bd282f8a354b362b4a860ef3fa2fb915f9211a8
cbb3ecf2ae1465a5d387c3e4582a5bafa1368c96db6ad3cdef0951a363dd9f0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 06:25:42 GMT
etag: W/"4ceca6711e35f002e5d82e7e710000c1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json

178.253.29.51

200 OK

46 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
46 kB (45983 bytes)
Hash
f117f2ecd3a10db0e2d79159b68fcf2f
c3477f016b8a8001b765835b30c64ef6f6a37c95
59d4508907da1d618732422129b741f7288c7b344d0d0d6236f16e16c0bc257d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 26 Jun 2023 07:10:34 GMT
etag: W/"f117f2ecd3a10db0e2d79159b68fcf2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.jpg

185.244.209.62

200 OK

57 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 315x250, components 3
Size
57 kB (57016 bytes)
Hash
b36c33ea87fb7182f2f9421abfb72690
580f23b173130d4a62bca8cd1407aec579a53604
3f605506d69c625bc8ea7b0be5ed54a0fa25553c8483d04a9758cbde1ed7c9f4

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/jpeg
content-length: 57016
last-modified: Mon, 15 May 2023 10:48:49 GMT
etag: "b36c33ea87fb7182f2f9421abfb72690"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:07:45+00:00
traceparent: 00-be217e626c907efbbb99d9feee4bf630-44d2364e5f02f5bc-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.jpg

185.244.209.62

200 OK

90 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, progressive, precision 8, 315x250, components 3
Size
90 kB (89964 bytes)
Hash
e0c1361334cb5a6aa3754a26333118d5
ab90e5a90f440d0021e8f4203009ff0e502a21d7
9b6d8913e5ab587260c00c70cfa1753c922da4504b1b83e77b51aafc431b06dc

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/become-legend.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/jpeg
content-length: 89964
last-modified: Fri, 01 Mar 2024 08:28:39 GMT
etag: "e0c1361334cb5a6aa3754a26333118d5"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-15T20:49:53+00:00
traceparent: 00-55bfb43fb5eec5159ee47940cc639f67-a372747a8c0b3ca3-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.jpg

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 315x250, components 3
Size
16 kB (16420 bytes)
Hash
b518acee0104246b098bda6134889bc4
e4ca37cab5e6dd8ee57a68d8603a1411e51dfe4b
40b4c87fa9509cc9ca4bd5386c74a81eb68e779059838fe2b31ab7c88b2be463

HTTP Headers

GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/jpeg
content-length: 16420
last-modified: Mon, 22 Jan 2024 16:34:45 GMT
etag: "b518acee0104246b098bda6134889bc4"
x-time-ng: 0.013
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-710c154ad9d5ac66d9e7ac9ae8b46b9d-7803085cb1cdfaa1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-10T10:44:06+00:00, 2024-05-07T15:01:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store.webp

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
22 kB (22354 bytes)
Hash
376807f6eceb28fcc2624716e09fbbd9
baf70080537063c8b9df5d817edd6f97d2b66a37
66ccd156391c11311536fe220c908a69687ae95701c6ae2a24e139938dcb70e7

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/promo-store.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 22354
last-modified: Tue, 16 May 2023 09:09:04 GMT
etag: "376807f6eceb28fcc2624716e09fbbd9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-652c0363ded173d525d0153d477188ba-db46de3a9a442354-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:27:23+00:00, 2024-05-07T14:18:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/bonus-api/bonus?currency=NOK&language=en

178.253.29.51

200 OK

31 kB

URL GET HTTP/2
1xlite-461430.top/bonus-api/bonus?currency=NOK&language=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
31 kB (31260 bytes)
Hash
3f3bd442e05857c71ca82b3d06825551
1e9e557aeff15a847510b0217465505ae5e2d266
beaa45613af85f47f9561ab54c226998b01c04ebb103b15e937d4999b6644be6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bonus-api/bonus?currency=NOK&language=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=223.13714027405, dt_total;dur=251.504, wf-uht;dur=0.265
traceparent: 00-bf394549d8356e3251243ad362d9892a-16e6232c7ba9b603-01
vary: Accept-Encoding
x-dt: 285
x-request-id: 34a37840c05b665b7dbb24b9cb63c3bc
x-time-ng: 0.229
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.webp

185.244.209.62

200 OK

44 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
44 kB (44068 bytes)
Hash
820c2301c27f8e114d81fccc88c8cbee
247adbb42e4149425c90a98095b859347c016ff1
22c6ceb46195434759afbbe5f799723d4cf658d22d312fb7f194c88782a2cda4

HTTP Headers

GET /genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 44068
last-modified: Sat, 13 Jan 2024 19:54:13 GMT
etag: "820c2301c27f8e114d81fccc88c8cbee"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-452719b7673b4a30cd9a19c04e354ab9-27a278a3db62b57a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-14T09:54:27+00:00, 2024-05-07T14:18:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.webp

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
22 kB (22154 bytes)
Hash
39d1dc105345cff4c37199d4ae2857d4
dbeba1282f82a8fbca0045713fee8bf48bd58098
6085511f9d0d73ae4e466fc3392ddad94f271750d945bde6b5abb4143d86d9e9

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 22154
last-modified: Mon, 15 May 2023 10:48:41 GMT
etag: "39d1dc105345cff4c37199d4ae2857d4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d5dae5cc3e2aaab113075c0228f11686-492c0a98ab5665c0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:27:22+00:00, 2024-05-07T14:40:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6383baf4fc61037b3c4990e9b55f947b.json

178.253.29.51

200 OK

40 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6383baf4fc61037b3c4990e9b55f947b.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
40 kB (40327 bytes)
Hash
5964e3e4fd5fa89ee9aee228e1572aa9
a2496d82f9dd777e1095c853e4fe281f33ce131f
6483a840daa604ea63da72f2defeb1cc09e4e4ee09243966f7d7ba49e351e940

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6383baf4fc61037b3c4990e9b55f947b.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 05 Dec 2023 11:58:07 GMT
etag: W/"5964e3e4fd5fa89ee9aee228e1572aa9"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json

178.253.29.51

200 OK

30 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
30 kB (30526 bytes)
Hash
dfe0c8d8abf7084df9e624f1f4065e59
6cbd38545e7ff3ee00aca5c80f5eb9847da631b5
e596939ede2be48722c636d78de1ec21e3ab6b65a7d86044ea2cff3fe3e8897f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 18:28:29 GMT
etag: W/"dfe0c8d8abf7084df9e624f1f4065e59"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json

178.253.29.51

200 OK

49 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
49 kB (48731 bytes)
Hash
becb2e7c22d23ed7b8c378c346c643f1
0b4c891625b0a2b9b528309353d7f614dd6c7b3b
d30163973a6fb0b5e99419860a2b5c37a83887cacd08115b71032b1b40220edb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 07 Mar 2024 10:41:59 GMT
etag: W/"becb2e7c22d23ed7b8c378c346c643f1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.webp

185.244.209.62

200 OK

9.5 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
9.5 kB (9528 bytes)
Hash
e74e38a96e2b86b49bce5a4ecdb2e456
8ed3fce32fa8d91d39bd0bb642e3c45516d8a9eb
f7ca5371dc68183854f2893aa3d99bba1e080f3b2d6146a99e7561f9b79dbe87

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 9528
last-modified: Fri, 12 May 2023 09:54:31 GMT
etag: "e74e38a96e2b86b49bce5a4ecdb2e456"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:36:29+00:00
traceparent: 00-89f8f4f128be65ed11593a14a7108891-7337100213bee84b-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.webp

185.244.209.62

404 Not Found

118 B

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
118 B (118 bytes)
Hash
b58d632409efb03916cfef3229576c55
c2fb66483c899f427b0354d52b080ce8bb6b47c4
b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176

HTTP Headers

GET /genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-eb426d77f508023bd2ab88b1616ad74a-a12b8d7762899178-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.webp

185.244.209.62

200 OK

108 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
108 kB (107976 bytes)
Hash
314b18cfe996f7ac145db7d302dcf1b3
cf49cfe63d75c447b4da918bd06d8938584edbfa
cd0f72608f9e60537a3a489e47cc2c2718e23837bd24f1dc502d110ccef6bd3c

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/become-legend.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 107976
last-modified: Fri, 01 Mar 2024 08:28:39 GMT
etag: "314b18cfe996f7ac145db7d302dcf1b3"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-03-01T11:44:46+00:00
traceparent: 00-036374833de7c97c5690e6e862864659-6cd3b7f05bdce844-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.webp

185.244.209.62

200 OK

50 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
50 kB (50494 bytes)
Hash
2eb5029e4de53b55ebbbcd6f2bc5f4d9
78e0d7382e7196ef120697bd25c86ce971cf1352
4f46fd0d8f32a4585f0c880fa91cbdfce37bc675c645a2d8e84210baba13440b

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/goalless-football.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 50494
last-modified: Wed, 06 Sep 2023 08:29:12 GMT
etag: "2eb5029e4de53b55ebbbcd6f2bc5f4d9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b7838b3624cbbf6d14924913cb0f334d-02499045404ea089-01
x-id: osix-hw-edge-gc4
cache: REVALIDATED, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.webp

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
10 kB (10366 bytes)
Hash
a55f6bc5288f59157c1f4b0d99200c4f
64b37d821bf692cea5cde5734b3230cecd2b1ae0
0f29e044bfb569e9205e03de27030a08d6b32de2da815a72b059dca1cfea8707

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: application/octet-stream
content-length: 10366
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "a55f6bc5288f59157c1f4b0d99200c4f"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:03:14+00:00
traceparent: 00-5066881deff213d90fb8863737b338bd-3d79a1cc9203df89-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.webp

185.244.209.62

404 Not Found

118 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
118 B (118 bytes)
Hash
b58d632409efb03916cfef3229576c55
c2fb66483c899f427b0354d52b080ce8bb6b47c4
b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0575ae106e2300306e68d9ec75479397-fde8d51cf633918f-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/dailytournament.webp

185.244.209.62

200 OK

41 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/dailytournament.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
41 kB (40640 bytes)
Hash
eacf930d797f369ee8a944b514a4fd6d
ea83544e05b4e9712fc8a044dc41e4b64dd42d3f
883351a2289a9fc1075ccaea228649d3ec00383ac6f9ec02d553659e4304d604

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/dailytournament.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 40640
last-modified: Thu, 13 Apr 2023 11:50:39 GMT
etag: "eacf930d797f369ee8a944b514a4fd6d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:03:14+00:00
traceparent: 00-b1d7f8c4af32b88c7ba54de25b359f6f-279a50de61dd0d29-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/doverie.webp

185.244.209.62

200 OK

6.0 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/doverie.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.0 kB (6002 bytes)
Hash
25a2c8bb1250ef2eb614983566886ef4
bb0e43eeee18884437554668b5e1ad56a68e20a4
23852e0d23a0c03d4fd5e5ba37f81083212c85b4c305697ad8b32dd8cef797c1

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/doverie.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 6002
last-modified: Tue, 04 Jul 2023 07:20:09 GMT
etag: "25a2c8bb1250ef2eb614983566886ef4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:39:07+00:00
traceparent: 00-52a020053707ecb55cbc26f924ae4d5e-0272e142bdca5aae-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/12d8ee2576692fff036a68507fb52970.json

178.253.29.51

200 OK

14 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/12d8ee2576692fff036a68507fb52970.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
14 kB (14470 bytes)
Hash
38f190a4cb1989aed041659da0a372aa
eec181f8bddbf93e43c35f7718b3f9dac029bab6
cd2726700d70053e8bc5c7a2c24930598c56856147745eb208722586a17eb6f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/12d8ee2576692fff036a68507fb52970.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 14 Mar 2024 18:43:34 GMT
etag: W/"38f190a4cb1989aed041659da0a372aa"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/v3/bonuses/first-deposit

178.253.29.51

200 OK

27 kB

URL GET HTTP/2
1xlite-461430.top/web-api/api/v3/bonuses/first-deposit
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
27 kB (27325 bytes)
Hash
6c497f6fefa1ff03d2b3f026ca9ea1b2
67708749c2923ee8fb64f119bfe6601df89cc754
62d6341764aac9fa45a7c7c304e969a0408d60f679d5142d0faa28e178d132c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=40, dt_total;dur=68.523, wf-uht;dur=0.076
traceparent: 00-4b728d0ba7b075f4ee72d259dd1eae37-6eb2d6859038ae12-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.053
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.webp

185.244.209.62

200 OK

12 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
12 kB (11684 bytes)
Hash
9a12fd308fdcacc0adb16d2476e2efe9
fac9675ec0a1041f757f11413fe0c359edd0b141
f7da0fac7df7744f1812cebabe061252bf8e8cb786e066ad76b48f96f1a17b64

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/birthday.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 11684
last-modified: Tue, 11 Apr 2023 17:52:19 GMT
etag: "9a12fd308fdcacc0adb16d2476e2efe9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:16:15+00:00
traceparent: 00-a1d56e1ce9239b8388999bd6dc812daf-030f3b7ee5f0f9bb-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json

178.253.29.51

200 OK

42 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
42 kB (41770 bytes)
Hash
5696ef1b371a34f9ef6d91bde17f66e7
888943f8c4faf3a9f29cf2fd2933cefa6c01b24f
ada4a21a08ddf6bb03d39fcf39bb6c5d988f6697479abffc92096a157064b2af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 11:33:40 GMT
etag: W/"5696ef1b371a34f9ef6d91bde17f66e7"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.jpg

185.244.209.62

200 OK

81 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, progressive, precision 8, 315x250, components 3
Size
81 kB (81110 bytes)
Hash
2e4a71a725650c9f993b9b917f132d98
1a7952a4f522c25f2a561fcdf2b89355c42b7233
c1814e03d303819bfdfc285ace748af199d956ae4e38dcf7472c1779df72545d

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/jpeg
content-length: 92498
last-modified: Mon, 02 Oct 2023 07:53:39 GMT
etag: "84abd47f4cf44e9163e19d441d0fb8ad"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-61863003a1e9aca4731ccdbf7185960e-599552764cf58905-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.webp

185.244.209.62

200 OK

26 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
26 kB (26188 bytes)
Hash
3529a9950536352cadc5022231d76608
2883dfd254a6b2ac531e7749bd0986dd4c26b077
f9b9979b91624cafcb1f44cdf9b1a3926417ca700046a19466a94335ff8090cf

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: application/octet-stream
content-length: 26188
last-modified: Tue, 11 Apr 2023 17:52:28 GMT
etag: "3529a9950536352cadc5022231d76608"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:03:14+00:00
traceparent: 00-48b10dd9210d213014abb69aa2748369-13d74d809e6fa791-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.webp

185.244.209.62

200 OK

18 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
18 kB (18098 bytes)
Hash
63ffabeefd0ba919618dbdfdd971c45a
a4d6ad655ed680ca06e1f98509005b795f195885
c621e44eb52b43f859381b83442a80570ae098356ef5d581a77c84a4417a3671

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 18098
last-modified: Wed, 10 May 2023 13:36:26 GMT
etag: "63ffabeefd0ba919618dbdfdd971c45a"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:16:17+00:00
traceparent: 00-7263cb5f420ed474804003d40167efed-3b4fdc544b27e435-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/promotions/wheel-bet

178.253.29.51

50 kB

URL
1xlite-461430.top/web-api/external-api/promotions/wheel-bet
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
50 kB (50331 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/promotions/wheel-bet HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/wheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=31, dt_total;dur=88.003
traceparent: 00-0c4beb90db472d598dabce3922ad0b10-029e2cb6a22713a9-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.071
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.webp

185.244.209.62

200 OK

26 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
26 kB (26210 bytes)
Hash
76f4f94caeacb3ea3e799f76517c2e77
e4532a2e775a346d81f16c0964b9bfc8cb679842
ac636f011f118593e402c29660bda51edb682670d22b82ca018d05faf7f1e18d

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/express.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 26210
last-modified: Fri, 12 May 2023 08:45:56 GMT
etag: "76f4f94caeacb3ea3e799f76517c2e77"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:16:15+00:00
traceparent: 00-9010c570a937bde45eecd1f667809fa9-de000cf5110c937e-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.webp

185.244.209.62

200 OK

12 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
12 kB (12142 bytes)
Hash
bbd5effd93dd90aeb3587a33e4976b44
13b331c36e7b5a6e7eaee9fabeaa89efc668af89
ab5e828e09e0e3598e23d4570ec7c4c0e66573de6edda8a103b24c16df63f1c1

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/beatus.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 12142
last-modified: Fri, 30 Jun 2023 07:38:24 GMT
etag: "bbd5effd93dd90aeb3587a33e4976b44"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:04:50+00:00
traceparent: 00-1b81b79cb8ddbc8e3e5129d4d12957c9-4951d6384bbe1127-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.webp

185.244.209.62

200 OK

62 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 315x250, components 3
Size
62 kB (61571 bytes)
Hash
5aaddf2c56dd3132a3eb40fd514309c6
74dc6650e0bc516bbefbe1da71fb5e0243e69191
5989764a0ab5e33ea4d229993ff2842fc8d9fe15e6a7ab42de32fc326e28b1c2

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: application/octet-stream
content-length: 61571
last-modified: Tue, 11 Apr 2023 17:52:34 GMT
etag: "5aaddf2c56dd3132a3eb40fd514309c6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:39:07+00:00
traceparent: 00-2bd8543b2976848458042100fcb34d01-9e2eb20076daa0d6-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json

178.253.29.51

200 OK

18 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
18 kB (17902 bytes)
Hash
b0a50f5239a6ca38097f89684eae43e4
9610ba54f85b3199d09ccbaf5c3439cff43bf28a
5f96d5a91935d8a7f975d433db80afb8a995edc61ad2d8cbb0161b80dc7aec56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 12 May 2023 15:17:16 GMT
etag: W/"b0a50f5239a6ca38097f89684eae43e4"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json

178.253.29.51

200 OK

8.1 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
8.1 kB (8128 bytes)
Hash
dad3a9b077bc630619a2f0a6422b65ae
21ed76245ef3e318fe37ac6d145ffebeac627956
8db3ba27ae59a7f93f8dbe2f9a499b4e028717aa6c139eef0b78e1ec09eca758

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 28 Nov 2023 09:26:45 GMT
etag: W/"dad3a9b077bc630619a2f0a6422b65ae"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/web/v1/config/actualDomain

178.253.29.51

200 OK

22 kB

URL GET HTTP/2
1xlite-461430.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
22 kB (21806 bytes)
Hash
e90508cca101d9cb990de4c1ac272162
f2eff8d50f5d46fb966acd5ce6eae0e6928698f5
11d2a39f89bd0f2c2d4bce0007c223e73a00e54ac7423b3eff9ceec40b477e99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=45, dt_total;dur=47.436, wf-uht;dur=0.059
set-cookie: SESSION=62a580b9db01b9181375582b577707ff; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-4966bf61c82bc82524dd28e362b42d80-eed3b832d72d1876-01
x-dt: 285
x-time-ng: 0.047
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.webp

185.244.209.62

200 OK

9.1 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
9.1 kB (9094 bytes)
Hash
cf73cf5ee3883706242debc9d5f1c52e
e071e466fff51b6bff7edf48405c959865bdbe28
53e6a25ee8451c110b3f96164a7917bb8e6f4dfdcf84ec373eebd5b4dc56d88c

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: application/octet-stream
content-length: 9094
last-modified: Tue, 11 Apr 2023 17:52:55 GMT
etag: "cf73cf5ee3883706242debc9d5f1c52e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:39:07+00:00
traceparent: 00-1981f68d1288d8c1c5b231538abb21d6-f17bc9469df8b3f1-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.webp

185.244.209.62

200 OK

20 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (19644 bytes)
Hash
ec7e490ee95bbfcbe0960d591252044e
5436d493fbcf370a21f5c3dde65d24d4fd535e9a
8d40342db2cb8b1792f7833eb91a9f7f29f8ce0a5136b2bb944b7e2d2db69722

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/race.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: image/webp
content-length: 19644
last-modified: Tue, 04 Jul 2023 07:12:14 GMT
etag: "ec7e490ee95bbfcbe0960d591252044e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:16:17+00:00
traceparent: 00-6103fa3ea6ca741bc76842bbd08cb67d-2dd6b9ff9d7ca8fc-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store-slider.webp

185.244.209.62

200 OK

30 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store-slider.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Size
30 kB (30198 bytes)
Hash
fb26390b4171564fe0781859fcceda24
06a0c7a3a55e3c6b9a8e1e57727b3c669f322679
5463e432bd75c1aae1935b19c9965dbf5723c16b73fb5d8290e97b879d8364a7

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/promo-store-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: image/webp
content-length: 30198
last-modified: Fri, 12 May 2023 09:22:20 GMT
etag: "fb26390b4171564fe0781859fcceda24"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cd807288dc324363e69263bc1ae8b55a-4979b5f2c8477644-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-22T02:30:36+00:00, 2024-05-07T15:02:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/945x370.webp

185.244.209.62

200 OK

80 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/945x370.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Size
80 kB (80336 bytes)
Hash
9fa64a2876ca3248eebece61f020bbe3
4137b2e942470d844316b2b98841153004f796c2
85021bd78912bc1a5d3e09bd922698fc3f5e6d94d36124981015dd3ed036fb19

HTTP Headers

GET /genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/945x370.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: image/webp
content-length: 80336
last-modified: Fri, 12 Apr 2024 12:30:59 GMT
etag: "9fa64a2876ca3248eebece61f020bbe3"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b5e6236a08b7313b30e9802c71e0c320-6bddda2ecfea956b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T15:01:25+00:00, 2024-05-07T15:02:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.webp

185.244.209.62

200 OK

36 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
36 kB (35508 bytes)
Hash
66f74329e9044a43bc6b2888ac7f293b
a3c599085cb4fd80dca8fa060bc2bd888017696c
8b45e16513005aa85953e81f86b40a79f94badf081c76b3fc037c5d09993ea31

HTTP Headers

GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: image/webp
content-length: 35508
last-modified: Mon, 22 Jan 2024 16:34:45 GMT
etag: "66f74329e9044a43bc6b2888ac7f293b"
x-time-ng: 0.009
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e2df3826b50cbabfad7deb9b5f38d9a7-87980e1142cb81be-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-10T10:44:06+00:00, 2024-05-07T14:40:11+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.webp

185.244.209.62

200 OK

7.6 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
7.6 kB (7550 bytes)
Hash
d11c77ea0b5452913b78f4119b5dc2a6
51bd74151949ed7bfc8b75c6ff5f06695bdd3501
54b074dd43034216f6d809fd57a81c5ed43a4cee62da841ac1041cc05394cd45

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/top-bins.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: application/octet-stream
content-length: 7550
last-modified: Tue, 11 Apr 2023 17:52:54 GMT
etag: "d11c77ea0b5452913b78f4119b5dc2a6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:40:49+00:00
traceparent: 00-9c3cae67949f157b16ad837d5345ac92-9ad8ca2b596e56e6-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.webp

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
15 kB (15338 bytes)
Hash
d1c9cf33b4078a369a2ec162bbc4ec00
8b3a2ec69ed7f3dc2bc597cd49cc4e149c016930
d1dd361e05319a43656238aeb770d4b179ac281cfcbacc4b1f250517fabb442f

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/toto-free.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: image/webp
content-length: 15338
last-modified: Thu, 29 Jun 2023 09:22:43 GMT
etag: "d1c9cf33b4078a369a2ec162bbc4ec00"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:03:14+00:00
traceparent: 00-c25e29cf57e2a8baae55f5c3cd16ee7e-784fc85a5970b2f4-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.webp

185.244.209.62

404 Not Found

118 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
118 B (118 bytes)
Hash
b58d632409efb03916cfef3229576c55
c2fb66483c899f427b0354d52b080ce8bb6b47c4
b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a374cd7009b3cf005f3ee982609e8b70-0136fddf346afde1-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/entry-9fb03a4e.js

185.244.209.62

200 OK

302 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/entry-9fb03a4e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
302 kB (302524 bytes)
Hash
63b912a52897cffdf74101ddc0ac4844
f2ad926389281327eb0f1830561e89ab175fb3ba
de3feb1b6ebca64d79472705b6c0ffd88918297cbc3f3a23b5f2841138de1f0b

HTTP Headers

GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/entry-9fb03a4e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 14:08:15 GMT
etag: W/"f7627b055873bfef4cd8d3cdf533d7d0"
x-amz-meta-mtime: 1715090739.548183506
content-encoding: gzip
expires: Wed, 08 May 2024 14:12:27 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T14:12:27+00:00
traceparent: 00-69e742699a4279e3d56513a541efbf38-8eb3fba0c9a7e85d-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.webp

185.244.209.62

200 OK

34 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Size
34 kB (34112 bytes)
Hash
c5774b63275f0389268a7e327d0f407a
81d2fb09c457cd65e2c215244ac5b281a3e6ce77
1099121afbbe2fb3cba7fbd6dd48e0cb8ffaf9191b02278dae692fbbba2a5f86

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: application/octet-stream
content-length: 34112
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "c5774b63275f0389268a7e327d0f407a"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:39:12+00:00
traceparent: 00-9206f9ace169fcb0387cb1ba742a4b59-d206723091869945-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.jpg

185.244.209.62

200 OK

35 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x250, components 3
Size
35 kB (35001 bytes)
Hash
cd68f37caed4fce440617bbfbdc48ed4
ac29fc750245f98996007a7c3484616e10de90b9
0c6bf43c40794a7173623a812f89b868d62c1818e56d29090738cba910af316e

HTTP Headers

GET /genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: image/jpeg
content-length: 35001
last-modified: Thu, 07 Mar 2024 10:30:40 GMT
etag: "cd68f37caed4fce440617bbfbdc48ed4"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-67de4d98bd81f9357135d73093c97a1a-ff0f5c893c46316e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-07T10:30:51+00:00, 2024-05-07T14:40:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st.webp

185.244.209.62

200 OK

11 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
11 kB (10554 bytes)
Hash
a9a36fedcff872396a9f3c7f790713a3
b401c66a5f8b5ab3422964dc1df540bdee8897c8
af610352cfbaf762bac809c78a4cd3c768e412c9bf3a3e2a8f795cded58dc474

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/1st.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: application/octet-stream
content-length: 10554
last-modified: Tue, 11 Apr 2023 17:52:13 GMT
etag: "a9a36fedcff872396a9f3c7f790713a3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3f3fae9c81aba9ddc45de6ed0dabf0b6-883fff38e9b8c142-01
x-id: osix-hw-edge-gc4
cache: REVALIDATED, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
b5b6dbac39c20d39e512ad51201bd76b
77f15e5fca9c22f748a82ffa1a49141792616788
ea2db7eac2f8c62211c64a4328fff5379abd9f0140e7bd0d41467c35038fab9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
Content-Type: application/json
X-Lang: en
X-Uuid: 57814f3c-418e-45c1-93b0-eefb613f5be9
Content-Length: 316
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback.webp

185.244.209.62

200 OK

6.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.2 kB (6224 bytes)
Hash
c92bc7216404cb1bc46cad557d04a4b4
3ad6adb66ed52e54ef1d7adffaec4bf03f51d6df
f652aafdaab581a7843ca7939067e4bacfb5c09255a6408c76644187470ca00b

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:58 GMT
content-type: application/octet-stream
content-length: 6224
last-modified: Tue, 11 Apr 2023 17:52:56 GMT
etag: "c92bc7216404cb1bc46cad557d04a4b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:06:08+00:00
traceparent: 00-dd0add73f0fa263c2d9c537b3a9fbe12-ad17a35e9c36c531-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.webp

185.244.209.62

404 Not Found

118 B

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
118 B (118 bytes)
Hash
b58d632409efb03916cfef3229576c55
c2fb66483c899f427b0354d52b080ce8bb6b47c4
b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176

HTTP Headers

GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 15:14:59 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc88
traceparent: 00-aeab29db49ce1c63779667bf76e3602b-797df463be4cd534-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.jpg

185.244.209.62

200 OK

35 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 945x370, components 3
Size
35 kB (35060 bytes)
Hash
78c87f02eb2b93a8aecfe7683d746f02
8fbacfead73e116de04b6e60ad07235a993729f4
f2bbd2c04d7e8753dbe2fc0dc4db944b7fe0b5d4cf64f77bca765214846e206f

HTTP Headers

GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:59 GMT
content-type: image/jpeg
content-length: 35060
last-modified: Mon, 22 Jan 2024 16:37:04 GMT
etag: "78c87f02eb2b93a8aecfe7683d746f02"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-63c0bb6410f29d1fe148fdffef8ed8d0-d48bda3720471da4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-10T10:44:20+00:00, 2024-05-07T14:33:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/session

178.253.29.51

204 No Content

0 B

URL GET HTTP/2
1xlite-461430.top/web-api/session
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 07 May 2024 15:15:00 GMT
cache-control: no-cache, private
server-timing: p;dur=13, dt_total;dur=18.112, wf-uht;dur=0.026
traceparent: 00-469aa33ea4b4ef00690189927e8ec949-9d2a44d434fff69a-01
x-dt: 285
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js

185.244.209.62

200 OK

66 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
66 kB (66479 bytes)
Hash
191ff223860f458112e0be2a63bd9857
850dd681d5b31321f00b8df955a455aa9478e44e
40e1fe6d194776c5fa845dda1dbebda9c2bc3154d8c45793ae74a2e1bf147016

HTTP Headers

GET /_nuxt/desktop/default/vendors/conversion-f0624fc4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 66479
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-103af"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-007973700ab630ccaf631c63a1649b6b-4656f41f2f2c0cc6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:50+00:00, 2024-05-07T14:48:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:01 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-288946a1cb45ce9d82d159fd8f4814c5-ae97aef3393d8460-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T15:10:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:01 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7498d6dafba8a63d7de5862a1da7b425-0e16baa204a26478-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T14:43:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:01 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d40f0b325b2150bd024f5b63ace759a5-7b7bd85751135fd8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T14:34:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/j/31ek699d0m0l7j05c8e238f5112e58047e0e2b5b09c7e2f1f986

178.253.29.51

200 OK

516 B

URL POST HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/j/31ek699d0m0l7j05c8e238f5112e58047e0e2b5b09c7e2f1f986
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
516 B (516 bytes)
Hash
1c18c7f5c9de90e11a720632befcd8f7
e3a997cadea25cadda1b73ff2f8434a4970bdb9d
8b7011421b4ce4acb58100df4a48839a8adc620b5b016d8ee4d015c9e6437fcc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/31ek699d0m0l7j05c8e238f5112e58047e0e2b5b09c7e2f1f986 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105916
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:02 GMT
content-type: application/json
content-length: 516
content-encoding: gzip
traceparent: 00-2ec7d5d252218671e6a5684e31ae7141-100ccc46c9bf6529-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: a9685688445f3ca759c9fe5ff7ef82fe
x-time-ng: 0.048
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=54.775, wf-uht;dur=0.079
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
60f915b0daad3af04303726381897e81
133c20a7f58c18758483c23f595d5a4f22ba9371
320b5a7d25c926dc55eb7a53f4348bf7c34bd7f5bc6ad3bcd1d16029239dc3a1

HTTP Headers

GET /_nuxt/desktop/default/analytics-a8ae3276.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-982"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f4c33adb9cf51d0a821da7f728eb36ef-d7b23860a996a1b2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:52+00:00, 2024-05-07T09:24:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.168

200 OK

106 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
106 kB (105892 bytes)
Hash
cdc9852669497e6e92fd3952117a8f3f
00be7ac46b6d68913042157a53e62c965b0342da
a84e8207cac36c7d76e0c8bad0697f3338ea33d5f246ddb39faad530ac860ceb

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 15:15:03 GMT
expires: Tue, 07 May 2024 15:15:03 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105892
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.168

200 OK

64 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
64 kB (64448 bytes)
Hash
1a560d94c098eeaaa284da14588fdc86
f873b01aab951a84d8b5f37392d90a1e368893a8
d953102aa6771f74b978464eb5ea2d639001ee8f6b0480413e31abcdc091ca5f

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 15:15:03 GMT
expires: Tue, 07 May 2024 15:15:03 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64448
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

154 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 07 May 2024 15:15:03 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Tue, 07 May 2024 15:25:03 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1791400071.1715094896&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1103963482

142.250.74.163

200 OK

42 B

URL GET HTTP/3
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1791400071.1715094896&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1103963482
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97
ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1791400071.1715094896&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1103963482 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 15:15:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp

185.244.209.62

404 Not Found

118 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
118 B (118 bytes)
Hash
b58d632409efb03916cfef3229576c55
c2fb66483c899f427b0354d52b080ce8bb6b47c4
b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 15:15:03 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9e8974445adb8aebb03368926a0050f3-8d21624ff045f894-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st-slider.webp

185.244.209.62

200 OK

18 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st-slider.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Size
18 kB (18056 bytes)
Hash
a4b243f76ff572881d54d6d590fb7cdf
dd97d6d98143012e8adecef2a7fad511f7b6c453
ea844aab8b34dab774ad139535dbdd01f9c3886736e241d34bc2088409ab1f10

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/1st-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:03 GMT
content-type: application/octet-stream
content-length: 18056
last-modified: Tue, 11 Apr 2023 17:52:13 GMT
etag: "a4b243f76ff572881d54d6d590fb7cdf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:34:29+00:00
traceparent: 00-86d61dfd292a4fefdf8ba5d4d516be60-4c3472541afa5be2-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

271 B

URL GET HTTP/1.1
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
271 B (271 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 15:15:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Tue, 21 May 2024 15:15:03 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715094903037&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1791400071.1715094896&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715094903&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fbonus%2Frules&dt=1xBet%20bonus%20%E1%90%89%20All%201xBet%20bonuses%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=15191

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715094903037&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1791400071.1715094896&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715094903&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fbonus%2Frules&dt=1xBet%20bonus%20%E1%90%89%20All%201xBet%20bonuses%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=15191
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715094903037&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1791400071.1715094896&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715094903&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fbonus%2Frules&dt=1xBet%20bonus%20%E1%90%89%20All%201xBet%20bonuses%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=15191 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Tue, 07 May 2024 15:15:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
ddd5964c8e54c716306bcb17b88ef411
8d4168a86bce350b18ec288d226bc5ad4adc0d94
5c620cdc93c8fda16f95d0e9000a1021ede5d1e862aa5eef0f6eba904470a55d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
Content-Type: application/json
X-Lang: en
X-Uuid: 57814f3c-418e-45c1-93b0-eefb613f5be9
Content-Length: 99
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896; _ga_7JGWL9SV66=GS1.1.1715094903.1.0.1715094903.60.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:04 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit-slider.webp

185.244.209.62

200 OK

29 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit-slider.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Size
29 kB (29294 bytes)
Hash
69e08eb4707e2b55f7a4b0d61b671acd
ec908bf196e04dc6300a6eafe0a7f8154eaf134f
a35c75862eabf6ecb98f298f765eedaa830e221cea1b1a3e2b1c5bc55dc9ef67

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:13 GMT
content-type: application/octet-stream
content-length: 29294
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "69e08eb4707e2b55f7a4b0d61b671acd"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-03-11T07:36:41+00:00
traceparent: 00-305961f342e898cdea64fadaba0ff9da-c0129e6077e0e59a-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137-slider.webp

185.244.209.62

118 B

URL
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137-slider.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
118 B (118 bytes)
Hash
b58d632409efb03916cfef3229576c55
c2fb66483c899f427b0354d52b080ce8bb6b47c4
b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 15:15:18 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc88
traceparent: 00-86ddd41f66ffe2cc606bf7fe33938647-9d5a512d9b2823a7-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback-slider.webp

185.244.209.62

28 kB

URL
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback-slider.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Size
28 kB (27944 bytes)
Hash
45c57f7771b900c3670a51cb5f9773d2
a469f3c4c67920f704bce50ea306987a8b8b521a
6100f06f06c236c8448c2dbe60c7c457c871ef6608798ed43519ac767e484c22

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:18 GMT
content-type: application/octet-stream
content-length: 27944
last-modified: Tue, 11 Apr 2023 17:52:56 GMT
etag: "45c57f7771b900c3670a51cb5f9773d2"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-05T08:35:34+00:00
traceparent: 00-9a8ce86786e539f14f088797070f6e64-af4a48142ba43d63-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en

178.253.29.51

200 OK

3.8 kB

URL GET HTTP/2
1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4380), with no line terminators
Size
3.8 kB (3756 bytes)
Hash
35b15ddc8b3ddba2cdb3bfc72981faf5
4a827b334a2c3d01ebda12287e001ff2342b1ed8
b73cc38f83e92cafd70e238deb6face9210af5603208057dd1a2077fdec6b3cc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/contacts.json?type=2&lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=7.15, dt_total;dur=16.923, wf-uht;dur=0.025
traceparent: 00-a6be22437a01649477f763f18d3656dc-63ca7a2cdae25023-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/dailytournament.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/dailytournament.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/dailytournament.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/beatus.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1xlite-461430.top/hd-api/external/api/web/v1/converslon/load

178.253.29.51

200 OK

32 kB

URL GET HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
32 kB (32036 bytes)
Hash
92900c18dbdb4e0c594c23e648467f2d
f633be838429a32a8a11c230c8f51c577a5da505
469dbbeabbf7327e0a788b38ab30224aa930da7d8bce9b896cbf3a8bbf28af89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:00 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-ed62f8dc529a80cfbecc4ca5f71529aa-7d9e4a181f40f805-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: b7250de63542da62a2180a65ebacaf13
x-time-ng: 0.029
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=32.640, wf-uht;dur=0.041
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js

185.244.209.62

200 OK

30 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (30255)
Size
30 kB (30277 bytes)
Hash
dfa127e93d125d4f6c566203eaf225f2
32c1fd89c4eeed7ac2a942582b3786659b15cd43
cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_PLMWICWN.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 14:40:26 GMT
etag: W/"dfa127e93d125d4f6c566203eaf225f2"
x-amz-meta-mtime: 1715006282.054749806
content-encoding: gzip
expires: Tue, 07 May 2024 15:18:11 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b6a0298c65693c8fb9eaff158cdf6953-07a41ecfd49d5771-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:18:11+00:00, 2024-05-06T16:00:49+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json

178.253.29.51

200 OK

14 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
14 kB (14236 bytes)
Hash
5f6393bd6febc268d33cb235c7eec194
819eb4409582bcea038e527fd5859dde2d13e0e7
9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 06:21:55 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/version.json?timestamp=1715094891927

178.253.29.51

200 OK

11 B

URL GET HTTP/2
1xlite-461430.top/version.json?timestamp=1715094891927
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
f575c6accd47babd26e6c16664af0c10
f8eda90f61739ebcda34788a6208aad7b9b24635
0bfb1f6345c1dd1cb52bb32f983cba77fa6a993c7eb4d66ddbf41b08df7f74e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1715094891927 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1920; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/json
content-length: 44
last-modified: Mon, 06 May 2024 10:24:15 GMT
vary: Accept-Encoding
etag: "6638afcf-2c"
content-encoding: gzip
expires: Tue, 07 May 2024 15:15:51 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

172.64.148.184

200 OK

3.8 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (3855), with no line terminators
Size
3.8 kB (3792 bytes)
Hash
7288e202ab8e4cf1b7f60eed709e0986
c10effeb29bf129a7c81688b9f3a7d5485272e87
56e695b4675b50d55a92f006109771a67da822050f5ae03fd2ad02c1a9565b58

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 592538
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b4ff456bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/loss20.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js

172.64.148.184

200 OK

1.0 MB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
1.0 MB (1015847 bytes)
Hash
5997e7f54cf2aebf463f16902ccbc7fc
659b9677d6196eabd63ce0feb5f4466accb72df7
08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db

HTTP Headers

GET /_next/static/chunks/pages/_app-9c47c295eecaa68a.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"f8027-18f381bf92a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 461243
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b4ffe56bb-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js

172.64.148.184

200 OK

92 B

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
92 B (92 bytes)
Hash
7c3f7e060745668041278118c0bb3d6d
e639f56695b3cc30d78dce7a0084aa8299a1311a
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

HTTP Headers

GET /_next/static/f385e6db/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"5c-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 461243
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b682356bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json

178.253.29.51

200 OK

12 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
12 kB (11769 bytes)
Hash
9e5da15e44d6b6bab0cfc7c07ba9495d
4a67254b45112089d0833028de0c9c81acb930a3
0d51ae7eaa1511001f9b8b562a49d1b55d177a655f26035364485f02d5384af9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Sat, 20 Apr 2024 09:17:16 GMT
etag: W/"9e5da15e44d6b6bab0cfc7c07ba9495d"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/config/all.json?lang=en

178.253.29.51

200 OK

124 kB

URL GET HTTP/2
1xlite-461430.top/bff-api/config/all.json?lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
124 kB (123498 bytes)
Hash
b8dcdf58e5c1baa273343d036b7770ba
f482235c789d73d8fc2e902ba6425102ea29f9ba
0b43eb0e6e03055c3ba4dd1336841d78fe577d0e5cbc11cd990772538907823f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=3.79, dt_total;dur=38.217, wf-uht;dur=0.057
traceparent: 00-f60a42457ebaa2a9e079a88841557d47-ad5a5c70f92dc1de-01
vary: Accept-Encoding
x-cache-expire: 596
x-cache-hit: 1
x-dt: 285
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.webp

185.244.209.62

200 OK

48 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
48 kB (48058 bytes)
Hash
a0339a106d8746d304f69e1b730d2b13
3f2b1c54fda62bd6acad6c8e818ca9b0a242ca4c
0f595c354ed2f9e32665d208359fdc786b20358164171744db96644051e49f4d

HTTP Headers

GET /genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 48058
last-modified: Tue, 28 Nov 2023 14:15:19 GMT
etag: "a0339a106d8746d304f69e1b730d2b13"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b6b30603c5c893e1a64ffaee1c8d542e-182bb92ce21d863d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T09:03:01+00:00, 2024-05-07T14:49:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js

185.244.209.62

200 OK

101 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (35828)
Size
101 kB (100701 bytes)
Hash
51ddc52774f4e5bd6a6f1c22e9d19674
374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4
642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 13:05:33 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1715000580.87646382
content-encoding: gzip
expires: Wed, 08 May 2024 12:42:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7c00d2d7db5e427fe8ba7588b439b7e7-656ad8bf064ff881-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:42:07+00:00, 2024-05-07T12:51:04+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

172.64.148.184

200 OK

108 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107844 bytes)
Hash
83680ce862de40c43fc92e04b1ad0a3d
67eb6762545f4e1fee446794f4738d0f0577b6b4
e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 586978
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b4ffc56bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

widget.suphelper.top/

172.64.148.184

200 OK

496 kB

URL GET HTTP/2
widget.suphelper.top/
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type

Size
496 kB (496420 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8802298a2e1156bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/logos.svg

185.244.209.62

200 OK

43 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/logos.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
43 kB (42787 bytes)
Hash
c45fb3adb3e47bdbd03c88fc4c4309aa
9ce991739a2879970ba12baf56108c8fcdefefb1
61d5aead50750c6e8a7bfde801abbf6f4ab75e387fdcc748ec6784e219e4d727

HTTP Headers

GET /sys-icons/1.0.328/285/logos.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"c45fb3adb3e47bdbd03c88fc4c4309aa"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-33cbaad2875415defd40de1c191d2c9c-ec7a80ce90e6f99a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:05+00:00, 2024-05-07T12:12:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/multiply2.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/multiply2.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/multiply2.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/doverie.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/doverie.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/doverie.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.webp

185.244.209.62

200 OK

30 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
30 kB (30120 bytes)
Hash
127f60172cf16911bf168a7fb61c7ccf
5224ba0a241715cf352c7ea5d2b54d9343cd5877
2c7adb7ce984529f91331d5f8c4d4709471b455e8275d9f8f0fcea7a1b641ee7

HTTP Headers

GET /genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 30120
last-modified: Thu, 04 Apr 2024 12:21:49 GMT
etag: "127f60172cf16911bf168a7fb61c7ccf"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-97d00321f3612ae14c6a04897bbd1483-c06543e1a20bdf69-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-15T09:12:58+00:00, 2024-05-07T15:02:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4e38cdf2b5d77aba4fb2630db5d13097.json

178.253.29.51

200 OK

14 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4e38cdf2b5d77aba4fb2630db5d13097.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
14 kB (13782 bytes)
Hash
00016d59394dbec5ec0fb1cc7cc87f70
ac61517dc4d77edd46e06aa66dca8b47e21fc64a
d8a350d41a5611bf32b7c03888b7bd9921eb2b016760c22d95fd5f6cb0c2e8ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/4e38cdf2b5d77aba4fb2630db5d13097.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 25 Mar 2024 15:12:10 GMT
etag: W/"00016d59394dbec5ec0fb1cc7cc87f70"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json

178.253.29.51

200 OK

36 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
36 kB (36003 bytes)
Hash
82be680bc6bd32b65cef0e3bda368678
5f5ac335405d9c792b43b6aee8d5ab64ac42e5ba
12800d3ad8e368dc1541e334f8f6f669549da16f62b4dae2ebb9929bd88322c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 30 Oct 2023 14:20:28 GMT
etag: W/"82be680bc6bd32b65cef0e3bda368678"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json

178.253.29.51

200 OK

2.1 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with very long lines (2345), with no line terminators
Size
2.1 kB (2128 bytes)
Hash
f28a40d30a99fab8a5ccced08db52f77
063e77333797a10e097679a1e4d17269fc6d3b6b
a46ea2afe2103a473c90b17137f840e29d578a74d191daac521d45e9d3cf1d6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:51 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/d2dc12263f6f8823abe288bb1ce1a420.json

178.253.29.51

200 OK

10 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/d2dc12263f6f8823abe288bb1ce1a420.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
10 kB (10370 bytes)
Hash
ee702cdbc65faf50843762bd9534a1aa
5c78ac8aa3155597543f63349686b02926eecd36
ec388b1801623dbd0e1f497cb6a898425222ea538c039b2a8dafc7720cceea28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/d2dc12263f6f8823abe288bb1ce1a420.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 02 Feb 2024 09:29:23 GMT
etag: W/"ee702cdbc65faf50843762bd9534a1aa"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/common.svg

185.244.209.62

200 OK

147 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
147 kB (146981 bytes)
Hash
7bf3e9e7d79beac942f5e7748a3af2e6
7c6896ef647506806f2cdbe998d8c9eb845a1754
663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f

HTTP Headers

GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:52 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c27aa865b83ded4f67466c826423f9b1-61021ce7cdf1a1e2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-05-07T12:12:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.png

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/multiply2.webp

185.244.209.62

200 OK

7.6 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/multiply2.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
7.6 kB (7566 bytes)
Hash
1d8bed36881f95d202cadc9e59f6feac
2e02cd8b9fed8a23983e3fae937046ab3bbf024d
75a1bf27b18d5a283419875af020e3b2f435aba02f1b510b76b2f76f6932c23c

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/multiply2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 7566
last-modified: Tue, 11 Apr 2023 17:52:41 GMT
etag: "1d8bed36881f95d202cadc9e59f6feac"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:16:15+00:00
traceparent: 00-681a031a91659b8431692c270b4f0573-880324f438a66feb-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/sfiles/games-images/game-animations/game-316-animation.svg

185.244.209.62

200 OK

13 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-animations/game-316-animation.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (12564 bytes)
Hash
0db44d13e7a50cd2da8dd47ff024f1cd
719bb6c0f3bd8ebabc6c3f53606affb21fd9a4b7
92690d6a77132101517ef7ee09173a4629fd85ba10a6a25033ba80f7967e8fe7

HTTP Headers

GET /sfiles/games-images/game-animations/game-316-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Jan 2024 08:41:20 GMT
etag: W/"0db44d13e7a50cd2da8dd47ff024f1cd"
x-amz-meta-origin-date-iso8601: 2024-01-12T15:48:06.000Z
expires: Tue, 07 May 2024 00:00:59 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-34caf9daa865fb2e9eb828339b4331fe-08ed6224a7470592-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T00:00:59+00:00, 2024-05-07T00:43:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

172.64.148.184

200 OK

481 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
481 kB (480579 bytes)
Hash
46260bb46d51262abee818c0c3bcf1c6
fe3be222aec74704fad1fa2559788b1fa287094a
20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 586978
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b580356bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/toto-free.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1xlite-461430.top/promo-frame/en/promotion/wheel-bet

178.253.29.51

200 OK

4.7 kB

URL GET HTTP/2
1xlite-461430.top/promo-frame/en/promotion/wheel-bet
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
HTML document, ASCII text, with very long lines (4846), with no line terminators
Size
4.7 kB (4684 bytes)
Hash
02b0a642db63883f4f12ce2f429f694d
91ffc91b3f03f7456ad5d901417463ca7ecf9c94
0131865f2a81e4581a4842625c79305cc68e1abf0748ab1843e4e506ede9ed88

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /promo-frame/en/promotion/wheel-bet HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/html; charset=utf-8
accept-ranges: none
content-encoding: gzip
etag: "124c-AFMTvOPx+3DqSCjrWono8hERRQM"
server-timing: total;dur=0;desc="Nuxt Server Time", dt_total;dur=2.038, dt_total;dur=4.122, wf-uht;dur=0.012
traceparent: 00-4f811188babd2c5b8ea0c318b20e789b-e566ab210f191721-01, 00-4f811188babd2c5b8ea0c318b20e789b-e566ab210f191721-01
vary: Accept-Encoding
x-dt: 285, 285
x-time-ng: 0.002, 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/express.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json

178.253.29.51

200 OK

182 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with no line terminators
Size
182 B (182 bytes)
Hash
1354132df8a5034bcda597127952730c
def2db205153babd3de7ea018e4189613aa8ddf6
c7cf9d8f1480c29d3f88a61151a62980f07c279eca2e94748f2d2dd1fa3a5c42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 182
last-modified: Tue, 11 Apr 2023 17:53:40 GMT
etag: "e4c69ca8e3916987138c95a26642f53a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.webp

185.244.209.62

200 OK

27 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
27 kB (27102 bytes)
Hash
0380f55e7529165ae4d1a7711a856e71
62fe2f40e9e20f52c357e54ee693c76bde7f9687
bd318ab4b3134965f5cdc86b6b7b1ef2fd107b2e8607d20a9fbbbf26c9336d89

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/loss20.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 27102
last-modified: Tue, 16 May 2023 09:12:24 GMT
etag: "0380f55e7529165ae4d1a7711a856e71"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:16:15+00:00
traceparent: 00-ca3d4710bb6444426b69c88ad7707984-6e82c5f03db2b2d1-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js

172.64.148.184

200 OK

77 B

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
b6652df95db52feb4daf4eca35380933
65451d110137761b318c82d9071c042db80c4036
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

HTTP Headers

GET /_next/static/f385e6db/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"4d-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 461243
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b581e56bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/race.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1xlite-461430.top/bonus-api/category?currency=NOK&language=en

178.253.29.51

200 OK

387 B

URL GET HTTP/2
1xlite-461430.top/bonus-api/category?currency=NOK&language=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (449), with no line terminators
Size
387 B (387 bytes)
Hash
4e672680a259a504f146d269489a910c
d7d888f3483174b8dbde246bdf830635cccd8acc
eefcd963fe16a139c22b0eb41ce903a76d395d33d735081869ae8aef2f721899

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bonus-api/category?currency=NOK&language=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
content-length: 387
cache-control: no-cache, private
server-timing: p;dur=123.42190742493, dt_total;dur=153.959, wf-uht;dur=0.162
traceparent: 00-a2e2c97b8bdb0e370ecff789b09b84ea-a687ab5a89ccb7f4-01
x-dt: 285
x-request-id: 243a2e0c97d91b6f5664503576410abf
x-time-ng: 0.132
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

172.64.148.184

200 OK

141 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
141 kB (140949 bytes)
Hash
896d1930437c1ab92b8a359c1d6fdaae
71e0e23d1af9722f356eb5d1c497d100ec8b0f7a
8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 11 Mar 2024 06:37:37 GMT
etag: W/"22695-18e2c3b24d9"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 592538
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b4ff956bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.webp

185.244.209.62

200 OK

38 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
38 kB (38184 bytes)
Hash
1d495d767fa8c94066d188431eb797e0
940bc07d4ac6fc836661b6e3d0860509de648b3b
e6aff9ac6666aeef484341c417a21fcddc49f9488af30b03a20af0d1a722eb94

HTTP Headers

GET /genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 38184
last-modified: Wed, 10 Jan 2024 05:53:56 GMT
etag: "1d495d767fa8c94066d188431eb797e0"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-10b79c66a48a2e9659d922f25d39a3ab-cf14fa6c5d90a2b0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-16T11:30:17+00:00, 2024-05-07T14:33:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

172.64.148.184

200 OK

107 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107186 bytes)
Hash
d0a7ecc59065580118a9ea8880c58962
21573546ac5011592094ef6aea0696ccdeb2164d
e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 596819
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b581456bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/esportsera.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.webp

185.244.209.62

200 OK

12 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
12 kB (11908 bytes)
Hash
bf8cbebb37d6522d39bbb5d6c5d736bf
7dc6cdccb164a0b098f2d9d1f137818f5f38241a
84fd6d05039b9501f02f89baada0ade73918cbc8a65cf09eac1ad95bbccc27ca

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/champions-season.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 11908
last-modified: Wed, 06 Sep 2023 12:28:01 GMT
etag: "bf8cbebb37d6522d39bbb5d6c5d736bf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:03:14+00:00
traceparent: 00-9fdcb7aeab4b5b1e71456ec59591cac9-71fc94f0bde99b6a-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.webp

185.244.209.62

200 OK

30 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
30 kB (29872 bytes)
Hash
905dd1d3172673fc22a835b1cf858948
61c67b62dfcbacb5bd6698d0c2bb154cf7405615
36db7919d6f4f2770823e140becedb8d983a4b0ce1048e0c12cd2557bf668e8c

HTTP Headers

GET /genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 29872
last-modified: Fri, 12 Apr 2024 12:30:49 GMT
etag: "905dd1d3172673fc22a835b1cf858948"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d1342202652da076c203119bb1abf4f8-a4ba16558344d0d6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T15:01:22+00:00, 2024-05-07T15:02:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.webp

185.244.209.62

200 OK

50 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
50 kB (49656 bytes)
Hash
61884a79292df9a69ea556b9adbdb453
a925df3d537f64ded7c93d6d46719f6933eedaba
6f949e72638072f5014d3710883383047f95344febff58dbe5a6dc47c753d5ff

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 49656
last-modified: Tue, 11 Apr 2023 17:52:46 GMT
etag: "61884a79292df9a69ea556b9adbdb453"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:16:15+00:00
traceparent: 00-cab8e7c1ea99052f980786f263cd62d3-052c07ed4d5a22ed-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json

178.253.29.51

200 OK

8.1 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with very long lines (8926), with no line terminators
Size
8.1 kB (8075 bytes)
Hash
33a8d84b65be76b07b379586ce0f30f4
d3c3a3a7c188444d7c25961a62149b97f9de1725
8cbf747c3e3ffa25baee745930d5855d78ec027e3e0c6e0bc69bfde8bc16aeaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 13 Dec 2023 14:46:07 GMT
etag: W/"a60fb63e7c35ba8cdb1d0851ff960b1b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.jpg

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 315x250, components 3
Size
14 kB (13813 bytes)
Hash
1b537371544b421d93fecd7788ac461e
5f1a37846aadd99c3086bdfd63b2f5267b7aca6f
aa51e52117c2a3313c1cb703b8b9f81a1d30cf287e4721bf29184bc17bb8aa0f

HTTP Headers

GET /genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/jpeg
content-length: 13813
last-modified: Fri, 12 Apr 2024 12:30:49 GMT
etag: "1b537371544b421d93fecd7788ac461e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7b074665051f10eed23e91db74758f18-6f56190f1dbcaebd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T15:01:29+00:00, 2024-05-07T14:48:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js

185.244.209.62

200 OK

81 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
81 kB (81096 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 13:05:33 GMT
etag: W/"67267513246705d46a0bb83e1f8efd2a"
x-amz-meta-mtime: 1715000580.880463816
content-encoding: gzip
expires: Wed, 08 May 2024 12:42:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9d33939b9eef4dfab08f8a005af9e0d0-34bcd4c69b8a1f8c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:42:07+00:00, 2024-05-07T12:51:04+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

172.64.148.184

200 OK

78 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77801 bytes)
Hash
dc6852529f28802d37affa5953d07260
4edd220fe8df4b009a1775ebe57f19d40999659f
4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"12fe9-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 592538
expires: Wed, 07 May 2025 15:14:53 GMT
server: cloudflare
cf-ray: 8802298b580756bb-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/goalless-football.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.webp

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
16 kB (16192 bytes)
Hash
8842d3a0770dc1fa54e2eb4283de9291
5ddc91173e4cf4609f607bac9936a845ffe727f1
15abd87aa7b3db6da681f7912a472c23de1a259e889738db3b1df24c4d2707a3

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 16192
last-modified: Mon, 02 Oct 2023 07:53:39 GMT
etag: "8842d3a0770dc1fa54e2eb4283de9291"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:03:14+00:00
traceparent: 00-175c282e04db404a20ce746773122b9f-65fe6e8616607e78-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/top-bins.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1232 bytes)
Hash
a436db0af736498349f0127d8e7fab1e
b07e2c449cf16ddb052ce40d881db13a0c890b9b
93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b9cbc7a7966600dd1a8e49d3bb90dc97-4c673b4806c8f01e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-05-07T14:44:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/champions-season.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/56fc6e674daa655b283b3497c88a92cb.json

178.253.29.51

200 OK

10 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/56fc6e674daa655b283b3497c88a92cb.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
10 kB (10158 bytes)
Hash
e5e68fdba731c76ec0a416e7799cf4f9
b8b3233ff91489cdd2ad056073cfd625bd4715a5
a7221bf33f5f39552a192e8357d466bd30b0530bddc89aad0d35de565a26b6df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/56fc6e674daa655b283b3497c88a92cb.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 11 Apr 2023 17:53:23 GMT
etag: W/"e5e68fdba731c76ec0a416e7799cf4f9"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet

178.253.29.51

200 OK

826 kB

URL User Request GET HTTP/2
1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type

Size
826 kB (825549 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=1525;desc="Nuxt Server Time", dt_total;dur=1589.063, wf-uht;dur=1.609
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Sat, 06 Jul 2024 15:14:49 GMT
reflinkid=d_2757227m_18607c_; Path=/; Expires=Tue, 07 May 2024 16:14:49 GMT
postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; Path=/; Expires=Thu, 06 Jun 2024 15:14:49 GMT
platform_type=desktop; Path=/; Expires=Fri, 10 May 2024 15:14:50 GMT; Secure; SameSite=None; Partitioned
auid=sv0dM2Y6RWox/IwhAwkJAg==; path=/; secure; httponly; samesite=lax
traceparent: 00-640849adf0077bdde9de68e934f5eee4-3cbb1542e5a21b01-01
vary: Accept-Encoding
x-dt: 285
x-frame-options: SAMEORIGIN
x-time-ng: 1.563
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/percentage.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22c3ec7c3d-3538-4b43-b274-941081661add%22%7D

172.64.148.184

200 OK

24 B

URL GET HTTP/2
widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22c3ec7c3d-3538-4b43-b274-941081661add%22%7D
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
d6bacfff68d40ad2744454c2506cc0f9
85f1f094d174fd4d78bd382c7948b95e9db93215
cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed

HTTP Headers

GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22c3ec7c3d-3538-4b43-b274-941081661add%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8802298eee5356bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.webp

185.244.209.62

200 OK

41 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 320x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
41 kB (41040 bytes)
Hash
db450552e670bbdad66544b69eb363d9
3cd2f0307c9b7bea0b94cd9337a5cdcf6e396250
dd7368b9f4913ae02e5d49cda2d67a56197e3a92537486470d93de634be5273d

HTTP Headers

GET /genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 41040
last-modified: Mon, 26 Feb 2024 09:18:12 GMT
etag: "db450552e670bbdad66544b69eb363d9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-02-26T11:22:28+00:00
traceparent: 00-dadad8bf8e903c59690e45cf15e17a7a-480baf060d99fe0d-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.webp

185.244.209.62

200 OK

12 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 320x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
12 kB (11590 bytes)
Hash
23cdbdab7f6c29d23a3ae864fa3f3d4e
043bafd75f65788716a5be5856ec40299e0ec346
61c7198b963bf41030704724217c3faa3fe4450d7786b18af8782daf6e5dcafc

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/percentage.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 11590
last-modified: Thu, 22 Feb 2024 07:23:11 GMT
etag: "23cdbdab7f6c29d23a3ae864fa3f3d4e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-02-22T09:05:18+00:00
traceparent: 00-5b2937b050588083ed16e9ccf5a300e8-5318f107e3f700e7-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1036), with no line terminators
Size
1.0 kB (1025 bytes)
Hash
305de1535e3f2a45efa2f1dd096f496e
9fd79178b39d8a196f9f3640758cc5285f5914fd
9b0fc84933536e9c4ca4b8013f656f393c6073e746901340133cbc11059aec46

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 14:40:26 GMT
etag: W/"8fecd56fc5520134f3c39b17431fe0c2"
x-amz-meta-mtime: 1715006282.054749806
content-encoding: gzip
expires: Tue, 07 May 2024 15:18:04 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-06219ebcd9c8ab1ea9ee9907ef1784e7-6aff324d6bd07038-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:18:04+00:00, 2024-05-06T15:57:12+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.webp

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Size
22 kB (21674 bytes)
Hash
ce497bea4e8d6d98f39094d022ae36b6
412a148e5089893045cb686d35f78ad4f6c0d340
a4fd9bbb5a9e00896e0a9a07090f92797034fbba93193605f498f96ab04d1f28

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/esportsera.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/webp
content-length: 21674
last-modified: Mon, 24 Jul 2023 13:02:29 GMT
etag: "ce497bea4e8d6d98f39094d022ae36b6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:03:14+00:00
traceparent: 00-507699aa4d94b13c255a22ed0878e6f0-9990bdab173069b8-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css

185.244.209.62

200 OK

1.0 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
1.0 MB (1048668 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/3.2.3/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:50 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:53:25 GMT
etag: W/"64d292a033c097211f9f4c21ffbcb2b0"
x-amz-meta-mtime: 1713523729.13591556
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:54:48 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-23T12:54:48+00:00
traceparent: 00-622da2761453fbf58ac6d99294c29ca0-cecac8311646b8e5-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
ASCII text, with very long lines (2854), with no line terminators
Size
2.6 kB (2589 bytes)
Hash
ecacc4d3ca1ba475ef20875ff4225f06
528aa5b0070cfcd78034449c40533e51278cba2a
328065b0030c77de9cafba92ec86d89b32ca55f32a3a251cdb7687f1f44c4859

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 14:59:39 GMT
etag: W/"269ccea9c3f07d37d497b4911e5d6e0b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/seo-module-api/api/v1/visual?group_id=285&ref_id=1&url=https:%2F%2F1xlite-461430.top%2Fen%2Fbonus%2Frules&geo=no&language=en&domain=1xlite-461430.top&timezone=2&stream=bonus&section=rules&ref[id]=1&project[id]=285

178.253.29.51

200 OK

158 B

URL GET HTTP/2
1xlite-461430.top/seo-module-api/api/v1/visual?group_id=285&ref_id=1&url=https:%2F%2F1xlite-461430.top%2Fen%2Fbonus%2Frules&geo=no&language=en&domain=1xlite-461430.top&timezone=2&stream=bonus&section=rules&ref[id]=1&project[id]=285
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
158 B (158 bytes)
Hash
d0d24f12d4e0d7893bab366bae7fc14f
ceea27c49e8832d7c60ca9c5dc1a8a13dbac7856
4ae8de056bd128351f429c944c32e82e06dad1acfcd68291e4e46edbec7a9753

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/v1/visual?group_id=285&ref_id=1&url=https:%2F%2F1xlite-461430.top%2Fen%2Fbonus%2Frules&geo=no&language=en&domain=1xlite-461430.top&timezone=2&stream=bonus&section=rules&ref[id]=1&project[id]=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
x-geoip2-country-code: ru
sub-request-id: f640eb1ed5494d5ca993dc2ebfb646d9
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=0; SESSION=62a580b9db01b9181375582b577707ff; che_g=bad88088-adde-9a12-b173-ae2d8983d4f3; sh.session.id=c3ec7c3d-3538-4b43-b274-941081661add; application_locale=en; _ga_7V60YW2S5H=GS1.1.1715094895.1.0.1715094895.60.0.0; _ga=GA1.1.1791400071.1715094896
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: application/json
content-length: 158
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en4e8fbe83e6eb6d0657a8f11b2e3dbb9a
age: 0
x-request-id: 9a13dcb1aeb7affb478d72976788e69c
x-request-guid: 9a13dcb1aeb7affb478d72976788e69c
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=13.489961624146, wf-uht;dur=0.023
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.jpg

185.244.209.62

200 OK

0 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:57 GMT
content-type: image/jpg
content-length: 45630
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "bcd6f81e0f43cbcff60824bb657a8a78"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-1b040a0fcafea74895d31a71b5502d20-38f6f1013395ffc3-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1-285/desktop/bonus/rules/birthday.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO

178.253.29.51

200 OK

27 kB

URL GET HTTP/2
1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
27 kB (26865 bytes)
Hash
b37f7c2a19f7e14b5b834ec5532af277
473d039dc440744109c049a49da67a08e7157cbe
269006ae20bef66e40b26843e6e400dab00f45c297ea9a50ce467a2b9d3694bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysystems/information/systems?lang=en&ref_id=1&geo=NO HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=Gbjizwcgnzc4SQ1mj2DsfT&click_id=Gbjizwcgnzc4SQ1mj2DsfT&site_id=fe58442c&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22Gbjizwcgnzc4SQ1mj2DsfT%22%2C%22Gbjizwcgnzc4SQ1mj2DsfT%22%5D%2C%22site_id%22%3A%22fe58442c%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dM2Y6RWox/IwhAwkJAg==; window_width=1280; SESSION=62a580b9db01b9181375582b577707ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:14:53 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
content-encoding: br
expires: Tue, 07 May 2024 15:14:53 GMT
set-cookie: application_locale=en; expires=Thu, 06 Jun 2024 15:14:53 GMT; Max-Age=2592000; path=/; secure; samesite=lax
traceparent: 00-f51e51fa45c386e2e508ff52d59b19a7-f9e56928cc53a067-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.266, 0.278
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=278.556, wf-uht;dur=0.287
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (64)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML