{"report_id":"2cc5cafc-e4d1-4539-b8ba-af4539ab9c87","version":6,"status":"done","tags":[],"date":"2025-12-19T21:45:46Z","url":{"schema":"http","addr":"1xlite-837593.top/","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":0,"asn":0,"as":"","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"https","addr":"1xlite-837593.top/en/block","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"title":"1xBet","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"1xlite-837593.top/","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":0,"asn":0,"as":"","country":"Iran","country_code":"IR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-23T21:45:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.google.no","ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2001-02-26","domain_rank":92680,"first_seen":"2012-06-26T23:22:08Z","last_seen":"2025-12-14T22:19:24.295945Z","alert_count":0,"request_count":1,"received_data":580,"sent_data":763,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-14T22:17:32.87103Z","alert_count":0,"request_count":1,"received_data":510331,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"region1.analytics.google.com","ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22257,"first_seen":"2022-03-17T11:26:33Z","last_seen":"2025-12-14T22:22:25.061209Z","alert_count":0,"request_count":2,"received_data":1702,"sent_data":2089,"comment":"","tags":null,"fingerprints":null},{"fqdn":"radar.cedexis.com","ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"domain_registered":"2009-01-07","domain_rank":28156,"first_seen":"2013-11-27T02:31:43Z","last_seen":"2025-12-15T22:32:50.553182Z","alert_count":0,"request_count":2,"received_data":1415,"sent_data":850,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"1xlite-837593.top","ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"domain_registered":"2025-04-30","domain_rank":0,"first_seen":"2025-11-01T08:36:22.283822Z","last_seen":"2025-12-18T21:50:37.529316Z","alert_count":10,"request_count":10,"received_data":65931,"sent_data":6859,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"v3.traincdn.com","ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"domain_registered":"2022-11-10","domain_rank":256434,"first_seen":"2022-11-25T10:00:40Z","last_seen":"2025-12-16T00:12:51.886531Z","alert_count":0,"request_count":36,"received_data":3190723,"sent_data":18102,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/d66f14ffe3.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"1cc0eb51717702439835075509d7c17d","sha1":"513573dfae294863df4f632a92e16e17b84766fd","sha256":"f31f9d1fa5c343551fbaa7fa0f6b591acaa092a9a69f81856be5f21e2eedfa04","sha512":"fac7fe3b611f41aa1a0dda96983a843dfede4a1a64b7b61215b6fc253b4b86e721d0a1f8c4b8d1eb1f7fd09aa46d9d364909c9f448795ae3c32fa8443309c46d","ssdeep":"","tlshash":"d9c08c6b24ea1837c22e8df8491820821f3e42e033f214c54d0dd3aa022a1e2a10d719","size":165,"data":"","first_seen":"2025-12-18T05:17:53.522994Z","last_seen":"2025-12-23T06:04:28.250273Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/3f29533b00.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"52787ac3d7294d7adee9ea85b342b3ef","sha1":"f27caae4367f22cd38b0dea80d4caf0a96359a09","sha256":"18d93c67cfa4d715db36bfdb4b9f5ea9f21a1c2aec371feb87b89ba9bfde38ff","sha512":"11c0c2733527c8ab1a27466e4b4e401db7a738cdf7ed895f698df3228137c6fc4a12fe233059bba0a961e71af3d83603d46beb1c703b7a759577003acf8a465e","ssdeep":"","tlshash":"7d718546ac78f5f6ba0782a83d2304f0cb1fac6ad15449dae2f4cbbc129d0951532f57","size":3730,"data":"","first_seen":"2025-12-18T05:17:53.564007Z","last_seen":"2025-12-23T06:04:28.277579Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/en/block","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"dafb343aac3fe5ca646b209532d36997","sha1":"53e7e61d359e4302e8a8a993ef87941addbdcd3a","sha256":"27054e18281f5b986021cef8efafab9b9fbf6b6dc64a0027cca8bbb3050dc6d4","sha512":"2431a1f17b00f26dd58d329f3c4bcd32aeacc95ece9d1ac6086772ba90aa32700431daabebc5431f41654b2018b3bb9638215e2c0953c16188a17ccc8673c125","ssdeep":"","tlshash":"f6e0cd969519f61b5c33681d896c8b0f95c97e75500d795dc034855c3a53456106723a","size":308,"data":"","first_seen":"2025-12-10T10:19:59.465768Z","last_seen":"2026-04-04T17:37:53.455494Z","times_seen":825,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/en/block","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"32159c86275674ef382070c44906e920","sha1":"9cf4a4cebccb00a604d4dcf6a9e6286e6ec9f684","sha256":"a107c386e696c1fccecf5e7f41f415fee4da4f63d2f0eeba79d395dff768416c","sha512":"fac0456fcb2d3fcd584c858da02dc09ae2addc70aa3e03a997b18122f2002c1aeb4f2602eb7da6cc3d3d3c6992e4957ab022697fef3a7705d248490a15c63bac","ssdeep":"","tlshash":"ef21ed25907d0a3f8a27462ea707ba419fad407662d67b1cf61c4f8ca6c62cda1136c7","size":1434,"data":"","first_seen":"2025-12-10T17:31:04.125395Z","last_seen":"2026-01-16T03:05:56.131446Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","size":1232,"data":"","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","size":21252,"data":"","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_28e4cd62af.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"a27949b457876031d66e4455977714fc","sha1":"8d09a1c998be07988b32c63b55f215a292483b13","sha256":"4b2c1caa982c29f9ec2776ebd1b43e946b65d79bb2c75584d17da12d3a8a7386","sha512":"9e4fde345abbe49ae091f82d503ff51085d40461c29dae53c8f6a2b9aec4eeca2b4ba35fd69b8f6a0a328820ecb419daa59ccdf75e0296b07d7d617e09227c1c","ssdeep":"","tlshash":"cfd0eb397ff0a0f43305a8ff321e308233093804530ac4a350a7139801e80f5a239e3a","size":291,"data":"","first_seen":"2025-12-17T19:40:37.013302Z","last_seen":"2025-12-23T08:34:05.694339Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/en/block","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"17f58f25e90642827de9a052e661a1ee","sha1":"db46c252dab2c2762b9f81192f73b0082e0e61ef","sha256":"e01baabbe6371885bbf75351cf5c719495f4b5a309c810543bf0f7be5ab02585","sha512":"2df15efb70889e24d148550beccf8c45811f3d51f2eb7b25927e7b37d7129646c2070f7f14cebdeb221e4720c5d7aad90c36e866bdfb0816582b0464a1215120","ssdeep":"","tlshash":"331175330a3ce73f812468dcc5a1aba95590285ab100d48f9dfccc47576b6d3a953f13","size":1037,"data":"","first_seen":"2025-12-18T05:17:53.583987Z","last_seen":"2025-12-23T06:04:28.282778Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","size":69,"data":"","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","size":30277,"data":"","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/f48d93abce.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"bcc71796d8e0673e627c730b56d1664e","sha1":"060c092f5d6716d978eb0611ed8a93f9a515bbc6","sha256":"d900e7eddb07347c1ddc18d9212742e6e07280ab86143bed59feb52b23feea39","sha512":"87a926b896084d330ef9ad96df408ca5f2e87366314ea7c55bdb1a463f20d5589c1b0179d15808d2ad68459934d966f76ef5fc65a64454633517e5b3054b8260","ssdeep":"192:FhwOabV4+n9HWmz0s3t2rFxbX0fWJzMgO3FOBAx0Yy+f9J0:HqbV429HW0f3t2rFxbX0fWJzMgOWAuHn","tlshash":"9ae1f7ee2ef9347025154facbe4660f197ac0d12a6fcd8a2f5494f18033e44cc2b69b6","size":7327,"data":"","first_seen":"2025-12-18T05:17:53.579537Z","last_seen":"2025-12-23T06:04:28.272284Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0072242c6ef2ee98279ae8a0633074cb","sha1":"db053a90b76756403b725cc2e4880ae534136d87","sha256":"47691ede0b8e2543919c52d24b3a65c1d1eacb519b07548368087428a7619a92","sha512":"8ca2585198479a61b18ccc877651210d240559aa41fcbc28805e47634e1d821934d85d53da2456a0fd9d448085a505fb19c7296f3bd4b67a3b1bd2dad1066347","ssdeep":"6144:u7Ie7mg2bulKYX61u99Yye5HDmHYmyBFzvnsBu6QWllECPad4XEPPad:dCubu7q1mcrnssW2wEy","tlshash":"82b4098e73c63426929af478502f02cba9bb29e2b45dc897b1c9ccf01d7459b4167f78","size":509727,"data":"","first_seen":"2025-12-19T21:45:52.080051Z","last_seen":"2025-12-19T21:45:52.080051Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","size":1297,"data":"","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","size":865,"data":"","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/entry-45f2e0e9f8.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"45b0bf3fa621f9c7121a7c4d51e6bf10","sha1":"931af5d9e915a2ad8260baa13e0cd4aebb7e08f2","sha256":"2de05da7cadf441e580f686ab8781335cbc73fd5397515c5eeef48cde5a648b8","sha512":"ebc390dda2861be9910a27098c1dbbb835258e687a978fe9c9bb58e6bab5d8aedc2b05563c94f8cad2a9387038cc1146fded35f9776e08d109da1f8f75d1bfff","ssdeep":"768:Hy0ufOhI4Ptcu3LWaNxrYSY4PAXr/ar03mhYW/puuiIWmhk5Q+bUY0lW+bmHm3hY:SVQ1/er8iIWmhk5Q+zU0L","tlshash":"e5d294b8245cf0b531db54d837b6bc4262886d6ff98afc86518b89d913da04cc9713bb","size":29724,"data":"","first_seen":"2025-12-18T05:17:53.555005Z","last_seen":"2025-12-23T06:04:28.253685Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_e0d4f324ec.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"063c04a4f8bd1f182892119dc4065bad","sha1":"3549aafe092dbf198e67c8d47250ed3b4c575388","sha256":"4deb65fe22c300002c9cdf4e47ce41c1a2ac8c343f412548af185a02aecb724c","sha512":"39268a9881888e41ff9e732d1c4bbac6fe42d01cf1548baa9e39594aed5c483451e3fb5b74212c4454ec951ef082bac207b034f146d96a14122a6e1e3dfb8257","ssdeep":"49152:T8+pcUB+WpwIxXx9ZAn5GAZ/rb2A2Sd6CUi:TNo56S","tlshash":"a8757c55f0467d222aeb55eab07710c2666c8a2dd41cf494f2e7dce83ace44052debbc","size":1677025,"data":"","first_seen":"2025-12-17T19:40:37.018113Z","last_seen":"2025-12-23T08:34:05.727676Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/1d0d170d2f.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"87e78b587b1bdf6fe09023700f1fda22","sha1":"92dbf16c740770f0bae772b604e17157adfa8f9d","sha256":"9838e73d51e40bc6b160460cd502e2dd29fd7ec6fc463b8b2a5107a6f96c5849","sha512":"987f898e4c9b23ec673d2f97e201c4edb79781ab2e49c1687d421c8667be82304778177b4c77f5cf04c8e2379dad3fa88dc08524a2494cc8b4063ce78b2fba95","ssdeep":"","tlshash":"926196867cf8b0e3ae6643de7d2600b5951c6649a25d40d7faec877c300b099176af63","size":3183,"data":"","first_seen":"2025-12-18T05:17:53.570823Z","last_seen":"2025-12-23T06:04:28.271737Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","size":390,"data":"","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_QPSMQ63M.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"164898c30959866a1b3fea1a5e6ea099","sha1":"327a1e5b387c34249f392ea57d16065b04cc4db3","sha256":"c5625d19037f366c65f35f2f505db598f011f18d9581f92e98872ad7991843bb","sha512":"a3398c1c2c85a854b323551fc4275ae63d2d6946d58664e05146850cc4a0306823b675b8c099a29f0eb616f96e40f0ff2fc2bac4665f072f3805534ff959db48","ssdeep":"768:nAwZ1yyQBv4Hz+asCmaUOTfh5iwVwBo5Yy7Ys5CW0J7/FIs11O4:nAwWBv4Hz1sCmaUOTfdVco5YyUs5CW0N","tlshash":"82e25cc8b779bca2335e908c90370313b37559e7584d9030f7a65ea231a564282e7f7e","size":31420,"data":"","first_seen":"2025-11-29T11:34:46.301195Z","last_seen":"2025-12-23T22:34:35.106485Z","times_seen":233,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/e90268f081.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"c36792ae4f8136ea7b770261e72a6774","sha1":"f0f3120d8fb0b5bdf65dfe1ebf0bcebbbf222901","sha256":"ed1db47320df4c190899d7196fa60f1b84150967245bb28f47030400590685d8","sha512":"3825e6e160148498b11f9eec0ca50b5f729df5557fde7a66683fc9860af98d65ea63d4aa9ab2385039d71a69a779222e1639b3f59d4dc341c14320191a71cb2a","ssdeep":"","tlshash":"7a31c6b6bdb4f03a475056fef41830b1e3892a66819df0d6a2c887b65383041446db73","size":1789,"data":"","first_seen":"2025-12-18T05:17:53.534164Z","last_seen":"2025-12-23T06:04:28.263838Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"1xlite-837593.top/en/block","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"GET /en/block HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/en/block\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=U5Pgn2lFx3Mv2dDRA6TKAg==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 203 Non Authoritative\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/html;charset=utf-8\r\ncontent-length: 3311\r\nserver-timing: dt_total;dur=0.044, dt_total;dur=0.007, total;dur=2;desc=\"Total __TECHNICAL_PAGES_APP__\"\r\nset-cookie: gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Mon, 22 Dec 2025 21:45:24 GMT; Secure\r\nvary: Accept-Encoding\r\nx-dt: 1103, 1103\r\nx-time-ng: 0.004\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"203","status_text":"Non Authoritative","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3030)","md5":"eca192953c275e5d4432b037a2b5368a","sha1":"07710a2ee6c2b1364abba5171fc6d96d43b57aab","sha256":"56a468f58dd061e097d811dc6476148b8bafbd296191f6480b47b626fd51e651","sha512":"4b79ec2cdf7b66d2f8bcc409b4f9bac45f034e64314a128eebcf8470a867ddfb1eb12bced3cde33bf60225b639b7022d779ae91c3099c1ab01b4465584f8d994","ssdeep":"","tlshash":"c761c737503ccb3f8522445d8a02fb4a9edc287b7249e94de67c4e8d27c62cba417a47","first_seen":"2025-12-18T21:50:40.667917Z","last_seen":"2025-12-19T21:45:52.066196Z","times_seen":2,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/bff-api/config/group/get?groups=d.customize\u0026lang=en","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=d.customize\u0026lang=en HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nx-geoip2-country-code: ru\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=U5Pgn2lFx3Mv2dDRA6TKAg==; lng=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: application/json\r\ncontent-length: 755\r\ncache-control: no-cache, private\r\nserver-timing: dt_total;dur=0.133, bff;dur=17.98, wf-uht;dur=0.349\r\nx-dt: 1103\r\nx-pod: R-jdw9x\r\nx-time-ng: 0.337\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":755,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9edf4c235d13aa18d960f4afd2422c39","sha1":"015641a2dd78d22f5704a2bcd82d842ff1da5b51","sha256":"530d4887f7ed4c7535fe2cc38473bb402d6b07fc7ccd74ad66ed2c39bc9a1ebc","sha512":"737c1543b71002faf52fc1eb3be863bccf65ad6e366bfb58e812984270ca9d56a06764f0bb3e1cac855d5609de706c58517c477d0a6c1bc9a23d4e5a161629a0","ssdeep":"","tlshash":"1e01d14da1a1763c92a14b99d4823f145ff9c0a735497a04d8189dca33e36ebe1b1203","first_seen":"2025-12-19T21:45:52.068535Z","last_seen":"2025-12-19T21:45:52.068535Z","times_seen":1,"resource_available":false,"data":null}},"time_used":381,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":377,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/4d416977b5.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/4d416977b5.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-06dd957f7f8fe6b3f9feba3730b7d293-56fd06945641ffdc-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: W/\"5c33927153f6d628ea771eb51a514b09\"\r\nx-amz-meta-mtime: 1766064353.298192606\r\ncontent-encoding: gzip\r\nexpires: Fri, 19 Dec 2025 17:19:24 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 15929\r\ncache: HIT\r\nx-cached-since: 2025-12-19T17:19:56+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3884,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3883)","md5":"5c33927153f6d628ea771eb51a514b09","sha1":"40390b90d99b2d3408d597d24daedc4bf614beda","sha256":"302ec7f61d1e628eba933d5b3c75a98f3135bbbd45af794476a0fcbdf145a9c5","sha512":"edde36cc3523543858227617d05807be04053a8b6a1569452abb135fd96074f99252834da9f54d31ae23bc06d06dcb3a1f57ad65e44686dbfc837ff8d94d82ca","ssdeep":"","tlshash":"19818c58bcaf409cfc37df210bdb5e188276b122d11692c8f841953a2ddb98794f149f","first_seen":"2025-11-13T15:27:51.581732Z","last_seen":"2026-02-17T23:36:16.903884Z","times_seen":837,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/3f29533b00.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/3f29533b00.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-d2bc1c4908985a32ffd991784fd53576-37f10c810dfba8c7-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: W/\"52787ac3d7294d7adee9ea85b342b3ef\"\r\nx-amz-meta-mtime: 1766064353.298192606\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 14:07:11 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 27338\r\ncache: HIT\r\nx-cached-since: 2025-12-19T14:09:47+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3730,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3729)","md5":"52787ac3d7294d7adee9ea85b342b3ef","sha1":"f27caae4367f22cd38b0dea80d4caf0a96359a09","sha256":"18d93c67cfa4d715db36bfdb4b9f5ea9f21a1c2aec371feb87b89ba9bfde38ff","sha512":"11c0c2733527c8ab1a27466e4b4e401db7a738cdf7ed895f698df3228137c6fc4a12fe233059bba0a961e71af3d83603d46beb1c703b7a759577003acf8a465e","ssdeep":"","tlshash":"7d718546ac78f5f6ba0782a83d2304f0cb1fac6ad15449dae2f4cbbc129d0951532f57","first_seen":"2025-12-18T05:17:53.564007Z","last_seen":"2025-12-23T06:04:28.277579Z","times_seen":39,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=1101424188.1766180735\u0026gtm=45je5ca1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938469~116184927~116184929~116251938~116251940\u0026z=896108891","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:35.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:42:05 GMT","end":"Mon, 16 Feb 2026 08:42:04 GMT"},"fingerprint":{"sha1":"C5:9B:DB:09:C3:06:D2:5F:81:92:CA:FF:B9:6F:7C:92:A8:BF:3C:22","sha256":"C1:A9:4F:E8:2A:8D:B7:33:38:C0:44:9E:E6:A3:81:D1:4F:5B:A4:AD:78:55:8A:7D:CA:78:EB:43:E2:2A:6B:C0"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=1101424188.1766180735\u0026gtm=45je5ca1v897130004za200zd897130004\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938469~116184927~116184929~116251938~116251940\u0026z=896108891 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Fri, 19 Dec 2025 21:45:35 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-04T17:45:42.403344Z","times_seen":763677,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":65,"dns":1,"connect":7,"send":0,"wait":26,"receive":1,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-ba9cdb1290f2c60669e12b5d2f37c6cd-a69ec0f8ab7a7a41-01\r\nlast-modified: Fri, 19 Dec 2025 08:26:34 GMT\r\netag: W/\"83e311eb8e222d229b6177bd007ce9eb\"\r\nx-amz-meta-mtime: 1766132715.726529197\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 09:43:42 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 43301\r\ncache: HIT\r\nx-cached-since: 2025-12-19T09:43:43+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1297,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1265)","md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 9f345218-7dbf-4c5a-b54d-d86ff39746e9\r\nContent-Length: 19\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=U5Pgn2lFx3Mv2dDRA6TKAg==; lng=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":19,"data":"{\"w\":55,\"state\":[]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nx-dt: 1103\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.124, wf-uht;dur=0.011\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-04-04T17:43:51.79822Z","times_seen":226937,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/seo-module-api/api/public/v1/analytics-counters?project[id]=1103\u0026domain[host]=1xlite-837593.top","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"GET /seo-module-api/api/public/v1/analytics-counters?project[id]=1103\u0026domain[host]=1xlite-837593.top HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=U5Pgn2lFx3Mv2dDRA6TKAg==; lng=en\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: application/json\r\ncontent-length: 47\r\ncontent-encoding: br\r\ncache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300\r\nx-content-digest: enb066c3de982d01779fd50476f73b1ab6\r\nage: 608\r\nx-request-id: 7e5be6f8d6643fb51d376e616644304f\r\nx-request-guid: 7e5be6f8d6643fb51d376e616644304f\r\nx-time-ng: 0.004\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: p;dur=2.5510787963867, wf-uht;dur=0.014\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c809138c09727a461b3438eb080f8445","sha1":"2b43a325cd3d2b7a1d91967f30bb52c4e136822b","sha256":"47d34e128cb5a1e2edb0f30e9a15ec1c79a82bc64c512b53702ddf6a5a33f74c","sha512":"31a4a640ba00124b48f424535b4e79e3a42bc44f84c4fec2ed52461131ce90e68d090804b9c30c40abc780edefd8321e261403fe80b0e113af509952ecb7e892","ssdeep":"","tlshash":"0490045177057d54d40750c444454553411c50d5cf5111033d54c733c17d35470c7517","first_seen":"2024-04-27T00:40:23Z","last_seen":"2026-03-30T00:11:58.747679Z","times_seen":455,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1103/desktop/media_asset/b4637c024b17ee3296bfff04fcbeba04.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1103/desktop/media_asset/b4637c024b17ee3296bfff04fcbeba04.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-f39bafe31ae4df8d94790370d2f1112a-9b19341956504af6-01\r\nlast-modified: Fri, 07 Nov 2025 11:34:29 GMT\r\netag: W/\"b95bbe824df0e2a2d571358c25c01f88\"\r\ncontent-encoding: gzip\r\nexpires: Sun, 09 Nov 2025 21:47:07 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2008\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:11:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7723,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b95bbe824df0e2a2d571358c25c01f88","sha1":"7fcd8150dae9d36bae064f605676517894eba563","sha256":"deaedaa5a68d9f5a85961164003477eb5078602f7634eeb6257a45c235bd5234","sha512":"cd1211517c82f9675fb88706595ae2445566de27564f475ac7a26c3fcf67ee70f59ec575a5153c737c49bf87a75db9a1216d672dadbd146ffbd22e95ca8c3e00","ssdeep":"48:TzABBABGkABjABFygABCN/ABCNYN8ABWHABaEABzzEFABIIX4ABBxSHsABYiwABp:lFbClXCL3cblP+XyLO5GIQ","tlshash":"0ff11684fff05c33112f94ad98b37a89a3884f07a95a7d1c7f9d294c1f1451a04aadbe","first_seen":"2025-11-07T13:07:42.245146Z","last_seen":"2026-01-05T09:11:08.877922Z","times_seen":824,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1103/desktop/media_asset/2252108128bc1cc1783a0a1544f820ad.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1103/desktop/media_asset/2252108128bc1cc1783a0a1544f820ad.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-253051d21375885cb7652f5c79844f27-d0a25c97125124ed-01\r\nlast-modified: Fri, 19 Sep 2025 14:23:05 GMT\r\netag: W/\"b5a6dbdf3f12e11d0c5275b2ca6dc739\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 12 Dec 2025 23:35:17 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2008\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:11:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3091,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b5a6dbdf3f12e11d0c5275b2ca6dc739","sha1":"a8495df42a8f1e18c12dc1723660d062bbc8fb6b","sha256":"8febfd79d9b9b1298af34575340a4288d6d5b01ee4e50c57f5a5509d602412f2","sha512":"813327003eefeef8e9772adc05530b46f52fc044d76f5ed1393854052836ae2f89a0118697367681afbab9084b4e215c3120bf09ea2713553a7e8286ca9afe2d","ssdeep":"","tlshash":"85514b4df6e41c33012f19bdc0f76a6993d84f4f694a7c283a9d6c4d1bd451900aad3e","first_seen":"2025-07-21T03:11:29.13175Z","last_seen":"2026-01-11T03:06:49.449217Z","times_seen":2816,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_f84004e523.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_f84004e523.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-cf32bfeb9c24b4b902602bb92b39b95c-2da42eddd27b7577-01\r\nlast-modified: Fri, 19 Dec 2025 11:17:56 GMT\r\netag: W/\"b52b0468a89928ac4f5491d84b23b9da\"\r\nx-amz-meta-mtime: 1766142981.81516321\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 11:18:48 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 37168\r\ncache: HIT\r\nx-cached-since: 2025-12-19T11:25:56+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5355,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (5354)","md5":"b52b0468a89928ac4f5491d84b23b9da","sha1":"a9ea1f64b65e6191c59676c686c51b060c7f2894","sha256":"e638e7e679d5cd6a547e47ebca2b1c6a13023e80d42fd89139ab021f6aed3c57","sha512":"faefa82305b6be705bafc627991a35f1a32d679358a72ea81cb3551b0a3708997017d946ed2984f683a5514eab417ee5806627c0db89bf3b3820c38f5bd12e4b","ssdeep":"96:y0EbBQ77VHY+R5f4wQL5cdj5JeEaiq4vupNFZFZLiG:obBQ77VHY+R5f4wQL5cdXQzZLiG","tlshash":"5ab11e8dedf5c03a8a27bc12135c8e3d1735f997d9211d9ef25c83a554c3b9201d0eaa","first_seen":"2025-12-03T12:27:09.709217Z","last_seen":"2026-01-29T09:40:33.621374Z","times_seen":485,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":40,"dns":4,"connect":1,"send":0,"wait":7,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/non-embedded.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/non-embedded.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-5ba95bd1db8e8e228710d10517e53151-2cd3774997ccb457-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: W/\"124cc24d18351af1656eae12be6975c9\"\r\nx-amz-meta-mtime: 1766064353.303192531\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 12:56:23 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 31741\r\ncache: HIT\r\nx-cached-since: 2025-12-19T12:56:23+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50203,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (50202)","md5":"124cc24d18351af1656eae12be6975c9","sha1":"9fcf552112c0d0405f116a0c075ebad921a599c3","sha256":"736db5bdc9562cb0d626cce25730c516183749db3f8228c5d3e566316adccc12","sha512":"7d68a9abd66737f299a36dedc3aa1406711e2ad10497ffd96dfe2ac136c5813342ad89102fb333fffed1b3a8dbf6efbca1b8b4df9aa72e78a2815e2108b62002","ssdeep":"384:FdHpVLkq1Tk9wE1rx1ixddVbVBZYYBJ+JuqQr9C4GWkHjB5lc:XcQvZYY4Qr/sHlc","tlshash":"0633750acd801257be7b893a3584fb0865e4e54bed730e2df459d0448fe7e9f26a03a5","first_seen":"2025-11-25T12:36:55.909711Z","last_seen":"2026-03-05T12:27:01.087128Z","times_seen":561,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":36,"dns":3,"connect":3,"send":0,"wait":8,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/1d0d170d2f.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/1d0d170d2f.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-54f2d66765f9f964dd57ed32d02cbd02-78d03e8e3ead3eb1-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: W/\"87e78b587b1bdf6fe09023700f1fda22\"\r\nx-amz-meta-mtime: 1766064353.298192606\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 08:52:18 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 46319\r\ncache: HIT\r\nx-cached-since: 2025-12-19T08:53:25+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3183,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3180)","md5":"87e78b587b1bdf6fe09023700f1fda22","sha1":"92dbf16c740770f0bae772b604e17157adfa8f9d","sha256":"9838e73d51e40bc6b160460cd502e2dd29fd7ec6fc463b8b2a5107a6f96c5849","sha512":"987f898e4c9b23ec673d2f97e201c4edb79781ab2e49c1687d421c8667be82304778177b4c77f5cf04c8e2379dad3fa88dc08524a2494cc8b4063ce78b2fba95","ssdeep":"","tlshash":"926196867cf8b0e3ae6643de7d2600b5951c6649a25d40d7faec877c300b099176af63","first_seen":"2025-12-18T05:17:53.570823Z","last_seen":"2025-12-23T06:04:28.271737Z","times_seen":39,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1103/desktop/media_asset/b7d72b798d82bbed00dbbedf2a999700.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1103/desktop/media_asset/b7d72b798d82bbed00dbbedf2a999700.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-f9f1160a1af209dfcb65bd0dbf35a68f-469a5822a6b14412-01\r\nlast-modified: Fri, 14 Nov 2025 14:23:34 GMT\r\netag: W/\"d5cc8ffe5fc650226544b6b62569eafe\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 14 Nov 2025 18:10:44 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2008\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:11:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18043,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d5cc8ffe5fc650226544b6b62569eafe","sha1":"d0b5db35c3c533bf6417a45140f8208b27edadc2","sha256":"996b4966b2322eb95301404c4ce1444a5c54d0481bea887ad14d57715c7e8ffa","sha512":"af457e01be7f2c21d0433fad87ce2b35b223c5602e981314db59bd564eda93675d6a066f49acae75d903e4e3d7244f33d75945611d1cc14f10ce0f8423b9ef55","ssdeep":"96:75b7Ba79eu4QWGAdryCiQFpzLJLJeHZVZYpH3UGHSTSSbbGiJinHQyu7Bn2:u7kJ2VK3UsyinHQd78","tlshash":"518235d9bae41c33112b60bed5e7f91ae3cc1f479d4aa8287e9c6d4c1b6050500aed7e","first_seen":"2025-11-14T14:13:08.070596Z","last_seen":"2025-12-24T17:22:02.96262Z","times_seen":501,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/e90268f081.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/e90268f081.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-3b612b22fecdb7625663be13b02eef8e-807a51376e18b3d2-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: W/\"c36792ae4f8136ea7b770261e72a6774\"\r\nx-amz-meta-mtime: 1766064353.299192591\r\ncontent-encoding: gzip\r\nexpires: Fri, 19 Dec 2025 14:06:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 27338\r\ncache: HIT\r\nx-cached-since: 2025-12-19T14:09:47+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1789,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1777)","md5":"c36792ae4f8136ea7b770261e72a6774","sha1":"f0f3120d8fb0b5bdf65dfe1ebf0bcebbbf222901","sha256":"ed1db47320df4c190899d7196fa60f1b84150967245bb28f47030400590685d8","sha512":"3825e6e160148498b11f9eec0ca50b5f729df5557fde7a66683fc9860af98d65ea63d4aa9ab2385039d71a69a779222e1639b3f59d4dc341c14320191a71cb2a","ssdeep":"","tlshash":"7a31c6b6bdb4f03a475056fef41830b1e3892a66819df0d6a2c887b65383041446db73","first_seen":"2025-12-18T05:17:53.534164Z","last_seen":"2025-12-23T06:04:28.263838Z","times_seen":39,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:34.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:40 GMT","end":"Wed, 25 Feb 2026 15:49:39 GMT"},"fingerprint":{"sha1":"A1:49:37:FE:E0:3E:26:88:A3:64:37:DC:04:D7:8D:D1:D3:F3:91:75","sha256":"BB:61:22:1A:6C:67:5D:C0:C8:A6:73:93:B9:53:82:98:95:54:B5:52:8B:33:FC:08:58:01:D2:3B:FF:E6:35:12"}}},"request":{"raw":"GET /gtag/js?id=G-5671CMJ6T4 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 19 Dec 2025 21:45:34 GMT\r\nexpires: Fri, 19 Dec 2025 21:45:34 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 161276\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":509727,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)","md5":"0072242c6ef2ee98279ae8a0633074cb","sha1":"db053a90b76756403b725cc2e4880ae534136d87","sha256":"47691ede0b8e2543919c52d24b3a65c1d1eacb519b07548368087428a7619a92","sha512":"8ca2585198479a61b18ccc877651210d240559aa41fcbc28805e47634e1d821934d85d53da2456a0fd9d448085a505fb19c7296f3bd4b67a3b1bd2dad1066347","ssdeep":"6144:u7Ie7mg2bulKYX61u99Yye5HDmHYmyBFzvnsBu6QWllECPad4XEPPad:dCubu7q1mcrnssW2wEy","tlshash":"82b4098e73c63426929af478502f02cba9bb29e2b45dc897b1c9ccf01d7459b4167f78","first_seen":"2025-12-19T21:45:52.080051Z","last_seen":"2025-12-19T21:45:52.080051Z","times_seen":1,"resource_available":true,"data":null}},"time_used":304,"timings":{"blocked":106,"dns":0,"connect":14,"send":0,"wait":44,"receive":47,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/en/block","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-19T21:45:23.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"GET /en/block HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=U5Pgn2lFx3Mv2dDRA6TKAg==\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 203 Non Authoritative\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:23 GMT\r\ncontent-type: text/html;charset=utf-8\r\ncontent-length: 3311\r\nserver-timing: dt_total;dur=0.087, dt_total;dur=0.006, total;dur=167;desc=\"Total __TECHNICAL_PAGES_APP__\"\r\nset-cookie: gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Mon, 22 Dec 2025 21:45:23 GMT; Secure\r\nvary: Accept-Encoding\r\nx-dt: 1103, 1103\r\nx-time-ng: 0.170\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"203","status_text":"Non Authoritative","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3030)","md5":"eca192953c275e5d4432b037a2b5368a","sha1":"07710a2ee6c2b1364abba5171fc6d96d43b57aab","sha256":"56a468f58dd061e097d811dc6476148b8bafbd296191f6480b47b626fd51e651","sha512":"4b79ec2cdf7b66d2f8bcc409b4f9bac45f034e64314a128eebcf8470a867ddfb1eb12bced3cde33bf60225b639b7022d779ae91c3099c1ab01b4465584f8d994","ssdeep":"","tlshash":"c761c737503ccb3f8522445d8a02fb4a9edc287b7249e94de67c4e8d27c62cba417a47","first_seen":"2025-12-18T21:50:40.667917Z","last_seen":"2025-12-19T21:45:52.066196Z","times_seen":2,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/version.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /version.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: application/json\r\ncontent-length: 11\r\ntraceparent: 00-17b03caff7bcb3854b627fda6d40d9be-4c8806181bc2b0ec-01\r\nlast-modified: Fri, 19 Dec 2025 14:43:59 GMT\r\netag: \"6bbd9a4b9f50aed7feaf039fd6ae07d6\"\r\nx-amz-meta-mtime: 1766155439.054225754\r\nexpires: Fri, 19 Dec 2025 14:46:21 GMT\r\ncache-control: max-age=60\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 12\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:45:12+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text","md5":"6bbd9a4b9f50aed7feaf039fd6ae07d6","sha1":"ff7016dc16cccb95d3870ae06eeee4c3927443bd","sha256":"cf8112f072cd5e543c7a4a9a4548e696f3315e22a4546c734c26f119e0739b4a","sha512":"46d2dbf668bc6a7278dd00abb14a21a5afded9006d7f783c01e7d3741081960ad6bf031131b8aee7e3baf5658ac5580e6f20497d983d7b7b87f9d373ccb956a0","ssdeep":"","tlshash":"b6500030ccf0000000c03000030000f00000c0c3000000c030000000000003303c3000","first_seen":"2025-12-19T20:24:21.843908Z","last_seen":"2025-12-22T09:22:10.045693Z","times_seen":31,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/entry-45f2e0e9f8.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/entry-45f2e0e9f8.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-378197dc9c1df50d8f5ab009acf9cace-1318a4ebf26b9121-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: W/\"45b0bf3fa621f9c7121a7c4d51e6bf10\"\r\nx-amz-meta-mtime: 1766064353.303192531\r\ncontent-encoding: gzip\r\nexpires: Fri, 19 Dec 2025 14:06:03 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 27338\r\ncache: HIT\r\nx-cached-since: 2025-12-19T14:09:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29724,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (29197)","md5":"45b0bf3fa621f9c7121a7c4d51e6bf10","sha1":"931af5d9e915a2ad8260baa13e0cd4aebb7e08f2","sha256":"2de05da7cadf441e580f686ab8781335cbc73fd5397515c5eeef48cde5a648b8","sha512":"ebc390dda2861be9910a27098c1dbbb835258e687a978fe9c9bb58e6bab5d8aedc2b05563c94f8cad2a9387038cc1146fded35f9776e08d109da1f8f75d1bfff","ssdeep":"768:Hy0ufOhI4Ptcu3LWaNxrYSY4PAXr/ar03mhYW/puuiIWmhk5Q+bUY0lW+bmHm3hY:SVQ1/er8iIWmhk5Q+zU0L","tlshash":"e5d294b8245cf0b531db54d837b6bc4262886d6ff98afc86518b89d913da04cc9713bb","first_seen":"2025-12-18T05:17:53.555005Z","last_seen":"2025-12-23T06:04:28.253685Z","times_seen":39,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/bff-api/config/group/get?groups=b.core,d.core\u0026lang=en","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=b.core,d.core\u0026lang=en HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nx-geoip2-country-code: ru\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=U5Pgn2lFx3Mv2dDRA6TKAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\ncontent-encoding: br\r\nserver-timing: dt_total;dur=0.061, bff;dur=58.48, wf-uht;dur=0.081\r\nvary: Accept-Encoding\r\nx-dt: 1103\r\nx-pod: R-crxnm\r\nx-time-ng: 0.060\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46004,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"741245515f7bf31278b8212779391ac3","sha1":"c97cd609df0778d8788463e71cedbd849315b03a","sha256":"0470e473faa1c37125ea79f6a44cdc84252bdee979550e10649166f385483bce","sha512":"41716dfbefde7e9889e71ac832752fd249c5acd30f6e85ec8561669bdb7aff02abbc259156ce0a71e924dcc60de50743607249312846dd2a9b33f0aeb2d6001e","ssdeep":"768:JJfyTvoANUoxILku3f+Yig3wW2Jrq+sbv+0gWfE6DASZHUrQ:zfGUHLku3f+Y9z2JrLCv+0gOkSMQ","tlshash":"0f23ff5ebac45a3a101f19faccb7ed0e63e81f1b1893a4569ee37d462472d1444e343e","first_seen":"2025-12-19T21:45:52.082078Z","last_seen":"2025-12-19T21:45:52.082078Z","times_seen":1,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/e27425a6cf.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/e27425a6cf.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-90e852c64d25dd787dd9258fc99ad700-d11c9780ec733c01-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: W/\"544ea803a3df8e55e85706a646f95614\"\r\nx-amz-meta-mtime: 1766064353.299192591\r\ncontent-encoding: gzip\r\nexpires: Fri, 19 Dec 2025 14:36:02 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.025\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 25727\r\ncache: HIT\r\nx-cached-since: 2025-12-19T14:36:38+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2867,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (2866)","md5":"544ea803a3df8e55e85706a646f95614","sha1":"ae409064324337a44a066208ec8fa7166bbfd628","sha256":"8991a0d7246dce731aee299bf16a3acbf1f59d5f36776c27e8cfcb7e77b3732e","sha512":"bc0360c2cfce28bc29b49404fe3e3230546cb7b7aebea9936246d7e99f78ac7a66b5143adea22a527739ba10799d93f73cde16c0363961b1b1632e39ddb5e6a7","ssdeep":"","tlshash":"c0516adef8b9d5752d33f022d70c5eb95930b527c5214e82f48c93a125c3a922aa1dae","first_seen":"2025-11-12T14:09:39.097866Z","last_seen":"2026-02-06T09:24:24.17097Z","times_seen":1064,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/desktop/media_asset/2109bdcab2eeeb5f8b317407c150d526.jpg","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/desktop/media_asset/2109bdcab2eeeb5f8b317407c150d526.jpg HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T17:46:17.157563Z","times_seen":13340936,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5ca1v897130004za200zd897130004\u0026_p=1766180734787\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1101424188.1766180735\u0026ecid=1825459185\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938469~116184927~116184929~116251938~116251940\u0026sid=1766180735\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-837593.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=11704","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:35.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:38:53 GMT","end":"Mon, 16 Feb 2026 08:38:52 GMT"},"fingerprint":{"sha1":"14:1E:23:68:0E:D0:A1:C7:ED:6A:FE:20:1B:06:FE:F9:83:B2:99:F5","sha256":"61:AF:E1:FE:D1:A6:4C:C2:5B:60:60:94:B3:7F:5C:5D:34:BE:8E:AB:21:42:8A:97:07:E7:8A:B7:2C:91:5D:0D"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5ca1v897130004za200zd897130004\u0026_p=1766180734787\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1101424188.1766180735\u0026ecid=1825459185\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938469~116184927~116184929~116251938~116251940\u0026sid=1766180735\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-837593.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=11704 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-837593.top\r\ndate: Fri, 19 Dec 2025 21:45:35 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:170:0\r\nreport-to: {\"group\":\"ascnsrsggc:170:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T17:46:17.157563Z","times_seen":13340936,"resource_available":true,"data":null}},"time_used":251,"timings":{"blocked":116,"dns":0,"connect":21,"send":0,"wait":18,"receive":0,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5ca1v897130004za200zd897130004\u0026_p=1766180734787\u0026em=tv.1~em.jbq2QQSrO2ikY9LnpEhc3gb8Lbs4VVpt1DA_r0B_BRM\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1101424188.1766180735\u0026ecid=1825459185\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938469~116184927~116184929~116251938~116251940\u0026sid=1766180735\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-837593.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=11705","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:35.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:38:53 GMT","end":"Mon, 16 Feb 2026 08:38:52 GMT"},"fingerprint":{"sha1":"14:1E:23:68:0E:D0:A1:C7:ED:6A:FE:20:1B:06:FE:F9:83:B2:99:F5","sha256":"61:AF:E1:FE:D1:A6:4C:C2:5B:60:60:94:B3:7F:5C:5D:34:BE:8E:AB:21:42:8A:97:07:E7:8A:B7:2C:91:5D:0D"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je5ca1v897130004za200zd897130004\u0026_p=1766180734787\u0026em=tv.1~em.jbq2QQSrO2ikY9LnpEhc3gb8Lbs4VVpt1DA_r0B_BRM\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1101424188.1766180735\u0026ecid=1825459185\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026tag_exp=103116026~103200004~104527907~104528501~104684208~104684211~105391252~115583767~115938466~115938469~116184927~116184929~116251938~116251940\u0026sid=1766180735\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-837593.top%2Fen%2Fblock\u0026dt=1xBet\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=11705 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-837593.top\r\ndate: Fri, 19 Dec 2025 21:45:35 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:170:0\r\nreport-to: {\"group\":\"ascnsrsggc:170:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T17:46:17.157563Z","times_seen":13340936,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":59,"dns":0,"connect":7,"send":0,"wait":18,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-19T21:45:23.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:23 GMT\r\ncontent-length: 0\r\nlocation: /en/block\r\nset-cookie: platform_type=desktop; Path=/; Expires=Mon, 22 Dec 2025 21:45:23 GMT; Secure; SameSite=None; Partitioned\ngw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Mon, 22 Dec 2025 21:45:23 GMT; Secure\nauid=U5Pgn2lFx3Mv2dDRA6TKAg==; path=/; secure; httponly; samesite=lax\r\nx-dt: 1103\r\nx-gw-blk-redirect-reason: block\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.008, wf-uht;dur=0.009\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T17:46:17.157563Z","times_seen":13340936,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":91,"dns":1,"connect":27,"send":0,"wait":37,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/favicon.ico","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/en/block\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=U5Pgn2lFx3Mv2dDRA6TKAg==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-length: 0\r\nlocation: /en/block\r\nset-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; Path=/; Expires=Mon, 22 Dec 2025 21:45:24 GMT; Secure\r\nx-dt: 1103\r\nx-gw-blk-redirect-reason: block\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.006, wf-uht;dur=0.013\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3311,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T17:46:17.157563Z","times_seen":13340936,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 865\r\ntraceparent: 00-eef920c00817dbd18f7bbf50521dd622-c4d3fb976ff497a8-01\r\nlast-modified: Thu, 18 Dec 2025 17:19:11 GMT\r\netag: \"00e44cad05af09626c2b10aeee7de5a3\"\r\nx-amz-meta-mtime: 1766077390.110937625\r\nexpires: Sat, 20 Dec 2025 05:41:25 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 57839\r\ncache: HIT\r\nx-cached-since: 2025-12-19T05:41:25+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":865,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (840)","md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_QPSMQ63M.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_vue_deps_QPSMQ63M.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-ec6bcff549e73897d9277dcbaec2adb2-43de4e37f5ec6e54-01\r\nlast-modified: Fri, 19 Dec 2025 10:27:59 GMT\r\netag: W/\"164898c30959866a1b3fea1a5e6ea099\"\r\nx-amz-meta-mtime: 1766139937.901412096\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 11:32:14 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 36590\r\ncache: HIT\r\nx-cached-since: 2025-12-19T11:35:34+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31420,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31280)","md5":"164898c30959866a1b3fea1a5e6ea099","sha1":"327a1e5b387c34249f392ea57d16065b04cc4db3","sha256":"c5625d19037f366c65f35f2f505db598f011f18d9581f92e98872ad7991843bb","sha512":"a3398c1c2c85a854b323551fc4275ae63d2d6946d58664e05146850cc4a0306823b675b8c099a29f0eb616f96e40f0ff2fc2bac4665f072f3805534ff959db48","ssdeep":"768:nAwZ1yyQBv4Hz+asCmaUOTfh5iwVwBo5Yy7Ys5CW0J7/FIs11O4:nAwWBv4Hz1sCmaUOTfdVco5YyUs5CW0N","tlshash":"82e25cc8b779bca2335e908c90370313b37559e7584d9030f7a65ea231a564282e7f7e","first_seen":"2025-11-29T11:34:46.301195Z","last_seen":"2025-12-23T22:34:35.106485Z","times_seen":233,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_localforage_PJNUBKRP.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-12200bdef016378c939e42a0dfa29c00-04150602513f91cd-01\r\nlast-modified: Fri, 19 Dec 2025 08:26:34 GMT\r\netag: W/\"7e7ebd44e3a6550f862e122ab7df6409\"\r\nx-amz-meta-mtime: 1766132715.727529233\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 09:46:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 43139\r\ncache: HIT\r\nx-cached-since: 2025-12-19T09:46:25+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30277,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (30255)","md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-ui/3.3.532/Desktop/Default/client.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-ui/3.3.532/Desktop/Default/client.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-dda62f129e7ef189880e33b16934b146-4c55376a927c1150-01\r\nlast-modified: Tue, 09 Dec 2025 08:47:35 GMT\r\netag: W/\"34712a26bfb5fe043f2530fd1ecdada8\"\r\nx-amz-meta-mtime: 1765270052.890500357\r\ncontent-encoding: gzip\r\nexpires: Thu, 18 Dec 2025 08:40:30 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 47037\r\ncache: HIT\r\nx-cached-since: 2025-12-19T08:41:27+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":720802,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"34712a26bfb5fe043f2530fd1ecdada8","sha1":"1139e98a4b74525d00bf366144a976a90dbb17af","sha256":"dac5ae36df3bf1301367d99d28a8bd2df862bfaaa1fcb243134a45ec7679b9fe","sha512":"c0be36afe44f95a7d1b683b2aaabc2462b256879a2ef3fd15b899c98b77729608c4e75e4546759979e1b9047e98edbecda2ce936eb1f091592dc1325d19b2b61","ssdeep":"6144:IJinS6RZGVX4t4DQ9yJmpbeYnzlOJDqLZxzMjfPQfZyrHSKRuMrXC/YJ8:nnSajrYJDUZxzMjfPQfIHSKRuPYJ8","tlshash":"46e4941cf29d92353e37e62062945ffc6620b707db221d6ef4aa064a0ec35437196dbb","first_seen":"2025-12-17T19:40:36.821853Z","last_seen":"2025-12-23T08:34:05.701301Z","times_seen":62,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/bff-api/config/group/get?groups=d.technical,d.global\u0026lang=en","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=d.technical,d.global\u0026lang=en HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nx-geoip2-country-code: ru\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=U5Pgn2lFx3Mv2dDRA6TKAg==; lng=en; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\ncontent-encoding: br\r\nserver-timing: dt_total;dur=0.093, bff;dur=106.81, wf-uht;dur=0.136\r\nvary: Accept-Encoding\r\nx-dt: 1103\r\nx-pod: R-sxx2m\r\nx-time-ng: 0.128\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1323,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"84897737c9dad700fcbb54ccf98e9268","sha1":"7efa0482f9fbfe2753bdf457042d613c7296aa31","sha256":"93610a3b073e92b81527093f8c66a224712d93564c01c13e4c72c41985e15769","sha512":"9f6a1c1b97d79ffae429e30d0f3eab0b6acc3ed3150cebdb5259f77667380b114cbc3c90a98a4056b1e0aef67c9d3d3bd3502229ac8b632ab112983c89eba614","ssdeep":"","tlshash":"3c21265e60b1c53c60680676db85ae149fad405f35847581fe4c9c5c70e2ddee96250b","first_seen":"2025-12-19T21:45:52.095964Z","last_seen":"2026-01-04T21:41:29.000166Z","times_seen":3,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/colors/ac807ea7bf6b3d0ff1813b5eadc3e98a.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/site-admin/colors/ac807ea7bf6b3d0ff1813b5eadc3e98a.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: text/css\r\ntraceparent: 00-cd5d5602b1f665d564b4ce0289834838-1c9485097e03fd49-01\r\nlast-modified: Thu, 18 Dec 2025 11:29:18 GMT\r\netag: W/\"ac807ea7bf6b3d0ff1813b5eadc3e98a\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 18 Dec 2025 12:38:30 GMT\r\nx-time-ng: 0.004\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 296\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:40:29+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41375,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41375), with no line terminators","md5":"ac807ea7bf6b3d0ff1813b5eadc3e98a","sha1":"9483c1b722af655b4d51c04c5247ad367fd16a35","sha256":"8c57ea603f02d13f97aa644529208c4d11ef35834db2523eafbc44079aa7e147","sha512":"ffcec057ff5752012fd832655100cb49eb6080be33be273f6ad283feffb3e9de399f9ba788771f5aeff6cbe2e63018322a132d1952633f2516bb22c91fcd677b","ssdeep":"768:+EO1mFS775xWt5JkyunibMhSNmInQLeCA:+EO1mFI75xWt5JkyunibMhvInQLeB","tlshash":"f8037b7ded91c1712a991931911c677b3d36e9ceae240f8fd02c73e570c1a022be5a7a","first_seen":"2025-12-18T19:24:06.611705Z","last_seen":"2026-02-04T19:06:52.762739Z","times_seen":253,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_e0d4f324ec.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_base-app_e0d4f324ec.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-98b83b2a5df352abfb37ae1148da7c94-decc76d51e1c0863-01\r\nlast-modified: Fri, 19 Dec 2025 08:26:38 GMT\r\netag: W/\"063c04a4f8bd1f182892119dc4065bad\"\r\nx-amz-meta-mtime: 1766132715.701528287\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 08:40:31 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.004\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 46970\r\ncache: HIT\r\nx-cached-since: 2025-12-19T08:42:34+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1677025,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (24147)","md5":"f46bd358bae8ba08f13440bba2b607e6","sha1":"6d2d6db92d4f411844104d11342eb8fc3680102a","sha256":"21a3eb23049e74525ba873665df7a6ac35fe6d0c0be42ecc8b9378f612f08036","sha512":"4251d278f6697a2bcbde546416885def6b5bcfcafdf9e90f75f0f4f2bd5d9cd9e9df9e41142cbac96b47a17fc1d1cedf55fb3c2b1d6f7c8f7c82c528c98ab9ee","ssdeep":"24576:T+3+pcUB+W356VIxXh2W9ZAn5GAZ/rb2A2aXdp:T8+pcUB+WpwIxXx9ZAn5GAZ/rb2A2Sdp","tlshash":"49257d69f006791236eb56d6706721c6766c8a6dd40ce484f2d7cde93ace41022eefbc","first_seen":"2025-12-17T19:40:36.805464Z","last_seen":"2025-12-23T08:34:05.722834Z","times_seen":62,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_chunk_LNU73JEK.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-db030e2aa7df9fbdcad4a182c232b59e-d3569bb3f1ce487f-01\r\nlast-modified: Fri, 19 Dec 2025 08:26:34 GMT\r\netag: W/\"d96d317966512ab8915a90670ca5a5af\"\r\nx-amz-meta-mtime: 1766132715.726529197\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 09:43:43 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 43301\r\ncache: HIT\r\nx-cached-since: 2025-12-19T09:43:43+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1232,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1231)","md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-837593.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-837593.top","domain":"1xlite-837593.top","tld":"top"},"ip":{"addr":"83.147.224.159","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-837593.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 05:21:02 GMT","end":"Sun, 15 Mar 2026 05:21:01 GMT"},"fingerprint":{"sha1":"E3:41:BB:04:C8:D4:5A:5D:FF:91:ED:BA:9C:BF:6D:06:DD:66:66:28","sha256":"89:76:49:51:21:0D:0E:C8:DE:1A:29:E8:14:BA:70:F7:6C:87:5F:3E:83:47:6B:7D:D5:90:1E:F6:7A:92:7F:FB"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-837593.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 9f345218-7dbf-4c5a-b54d-d86ff39746e9\r\nContent-Length: 48\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJ0ZW1wbGF0ZSI6MSwicnVsZSI6MjI5NH0=; auid=U5Pgn2lFx3Mv2dDRA6TKAg==; lng=en; tzo=3\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":48,"data":"{\"w\":55,\"sw\":1280,\"sh\":1024,\"e\":10273,\"sids\":[]}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 1103\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.083, wf-uht;dur=0.009\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"710ee739110b64c5355b79bcd0de1342","sha1":"6432f0964e57f0e9a1ec9f570aa712efb3cc7011","sha256":"79e27abbeb8396db0e7ad66cf2d806e139ce3ce5fbd72691449eafed1c14f15f","sha512":"3ecb29caf7ad713f5db0392a9c238ecf09e1cd0f28e49a524ccfd057771a74b9711819daaf1ac476870d847c67e5be800611b878c079ca6edb54ffb3efd935f2","ssdeep":"","tlshash":"717000820220288882880000020028802c208008028c002082a8208000c0ce0000e083","first_seen":"2025-12-19T21:45:52.100083Z","last_seen":"2025-12-19T21:45:52.100083Z","times_seen":1,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-19","alert":"Sinkholed","trigger":"1xlite-837593.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_c7c82d0ec840dcaf32f6dfe636c4fafc.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_c7c82d0ec840dcaf32f6dfe636c4fafc.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-693fb5bef51b155d5658ea0d43c17a74-557f5b429752fc87-01\r\nlast-modified: Wed, 17 Dec 2025 12:10:10 GMT\r\netag: W/\"573ca19484ed7b68628289de225c652b\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Wed, 17 Dec 2025 13:18:40 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2950\r\ncache: HIT\r\nx-cached-since: 2025-12-19T20:56:15+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2975,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"573ca19484ed7b68628289de225c652b","sha1":"2999f577da4581078174d2f467bdf80a5b884337","sha256":"89b905bf9f7efa10994d329be5ed307e2c48205e0a8a06be4801ccadebeadf3c","sha512":"7cfabf5198a96f2c4992fcd0dce602464be5f8b6f31d6e9686e82210185749fbbc6b3f70b22c90374cf2d095182d6a35f561e92b8f9e22098999bf3fc8c6943e","ssdeep":"","tlshash":"a651750f733c45e5383841403d0d6e6a7b160168afa29194fa8cd85d337f5cae12b22f","first_seen":"2025-12-18T00:40:38.951295Z","last_seen":"2026-02-11T03:04:26.783249Z","times_seen":346,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_8f91eb88c53ddbf3a523b34de69e197d.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_8f91eb88c53ddbf3a523b34de69e197d.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-cbd4e435f4f20cf652b45f06472298c0-c528548faacbfa37-01\r\nlast-modified: Thu, 18 Dec 2025 14:11:03 GMT\r\netag: W/\"1c465aceb934e5ca82beb6b587fa6c47\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 18 Dec 2025 15:18:34 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1344\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:23:01+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":147884,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1c465aceb934e5ca82beb6b587fa6c47","sha1":"e09dc59049590c6a2a73ad4685944118e4c7ac89","sha256":"3b0b3333e38f1924121d3037b631d991dedf00434a65807fb5851b0ecb9f624e","sha512":"4687992fd2fc7a60ca4c584ec663d87fdc3410eac55b69d16c2b298f8ba8fc75cb8e68e326692b3e9174945b55c02d4151c0dd596b9d611e535bc2696410cedc","ssdeep":"3072:Lf+H5uGiZcIkZPePfxxlRVPtE+IQLKHMc6WrDaRf7JmkpvZG:LSQXlRVPtE+dKHZIf7Jmkh0","tlshash":"dae3e80a194c6e7b0fda12ddf98fdf4962b00045aab2c822d8eec51e7197fd2917714b","first_seen":"2025-12-18T14:42:42.104072Z","last_seen":"2025-12-23T08:34:05.726808Z","times_seen":49,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/d66f14ffe3.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/d66f14ffe3.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 165\r\ntraceparent: 00-bd38a2c03d02ff7b7e02d279f7d585b2-b7cf930b12bc4dec-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: \"1cc0eb51717702439835075509d7c17d\"\r\nx-amz-meta-mtime: 1766064353.300192576\r\nexpires: Fri, 19 Dec 2025 14:06:22 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 27338\r\ncache: HIT\r\nx-cached-since: 2025-12-19T14:09:47+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"Java source, ASCII text","md5":"1cc0eb51717702439835075509d7c17d","sha1":"513573dfae294863df4f632a92e16e17b84766fd","sha256":"f31f9d1fa5c343551fbaa7fa0f6b591acaa092a9a69f81856be5f21e2eedfa04","sha512":"fac7fe3b611f41aa1a0dda96983a843dfede4a1a64b7b61215b6fc253b4b86e721d0a1f8c4b8d1eb1f7fd09aa46d9d364909c9f448795ae3c32fa8443309c46d","ssdeep":"","tlshash":"d9c08c6b24ea1837c22e8df8491820821f3e42e033f214c54d0dd3aa022a1e2a10d719","first_seen":"2025-12-18T05:17:53.522994Z","last_seen":"2025-12-23T06:04:28.250273Z","times_seen":39,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: image/svg+xml\r\ntraceparent: 00-dbeb6abf2f5eb015b77775938ec7dadc-b01b8faebcab69b0-01\r\nlast-modified: Wed, 19 Apr 2023 11:51:30 GMT\r\netag: W/\"3ae81b002dca46d3b732ce3e03ae35c6\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 16 Jan 2025 11:13:48 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2562\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:02:43+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1228,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3ae81b002dca46d3b732ce3e03ae35c6","sha1":"388d37b5f714937677de74330a8daab0a0d1196b","sha256":"1c76b93f07c6a861c4ad9529059ea99ae69f2451788da7cab1f17fa94d54382e","sha512":"48887848044da3a9a54b72a1f15a39ac0b30ea8ad7ddc3d4c69e51bb0479f39631d4b9098d289eecdaa9648db4118ddfa38cf76ef1a58718c67d70efc80a67a8","ssdeep":"","tlshash":"e72124be434d5bfb60025fd8967802513abaf0c2f29926ed55d674227903cf4d074955","first_seen":"2023-04-05T22:56:35Z","last_seen":"2026-04-04T17:37:53.413355Z","times_seen":1389,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-icons/1.0.913/285/country.svg","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-icons/1.0.913/285/country.svg HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: image/svg+xml\r\ntraceparent: 00-f5c37c2392cd35e3d3e0c2cbbdc6ebe8-9163f11d3c420a15-01\r\nlast-modified: Fri, 19 Dec 2025 14:42:06 GMT\r\netag: W/\"e755054847ccc09de8ac9bdf2c4326d6\"\r\nx-amz-meta-mtime: 1766155313.822000953\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 14:49:09 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 24863\r\ncache: HIT\r\nx-cached-since: 2025-12-19T14:51:02+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":217418,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e755054847ccc09de8ac9bdf2c4326d6","sha1":"1461e05caf5c7bfda69a9a45127a8f78dc37a9ec","sha256":"d03bc4c7e0d2d128ba647df7ef393f9e856ff0b98b09d6d2849bdaaaded8e7b9","sha512":"2a6e1617fe4b5f4039431564fdb2d90f8a4a930ea555e10133b9d07809ebe56f64cfc9000de709289b2cb9143664bb8e334cabf2d49c7c20dac9ba8ed0eee9ce","ssdeep":"3072:hgvO+igz5Wy8EjUskAnA3ZJ9QeVCLpE74OWuhgwlKqjk71xhbXVjGYLGS/suV1SM:uqCLpPOWuq5vaSueoO7","tlshash":"08245554b099b14c2a8363e8c7afa5e1133e61db71da419938e993d8520e3dffe83950","first_seen":"2025-08-28T01:30:48.467208Z","last_seen":"2026-04-04T17:39:02.468581Z","times_seen":1107,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-546ce94fd48bc134dc4f3f682eb21202-acff5b04a808e8dc-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2954\r\ncache: HIT\r\nx-cached-since: 2025-12-19T20:56:10+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-04T17:39:02.503075Z","times_seen":10298,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/$_$.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 69\r\ntraceparent: 00-114bcc98b553b80d722a97e026f5e00d-6d59e79a9f682faa-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: \"2cdaa92927f02e0b628f1ef4d7dd8caf\"\r\nx-amz-meta-mtime: 1766064353.298192606\r\nexpires: Fri, 19 Dec 2025 16:22:29 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 19310\r\ncache: HIT\r\nx-cached-since: 2025-12-19T16:23:34+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/f48d93abce.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.574Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/f48d93abce.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-53921c9a8603e5998b3de505491a8826-bba491b25933c356-01\r\nlast-modified: Thu, 18 Dec 2025 13:26:42 GMT\r\netag: W/\"bcc71796d8e0673e627c730b56d1664e\"\r\nx-amz-meta-mtime: 1766064353.300192576\r\ncontent-encoding: gzip\r\nexpires: Fri, 19 Dec 2025 14:06:12 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.026\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 27338\r\ncache: HIT\r\nx-cached-since: 2025-12-19T14:09:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7327,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6739)","md5":"bcc71796d8e0673e627c730b56d1664e","sha1":"060c092f5d6716d978eb0611ed8a93f9a515bbc6","sha256":"d900e7eddb07347c1ddc18d9212742e6e07280ab86143bed59feb52b23feea39","sha512":"87a926b896084d330ef9ad96df408ca5f2e87366314ea7c55bdb1a463f20d5589c1b0179d15808d2ad68459934d966f76ef5fc65a64454633517e5b3054b8260","ssdeep":"192:FhwOabV4+n9HWmz0s3t2rFxbX0fWJzMgO3FOBAx0Yy+f9J0:HqbV429HW0f3t2rFxbX0fWJzMgOWAuHn","tlshash":"9ae1f7ee2ef9347025154facbe4660f197ac0d12a6fcd8a2f5494f18033e44cc2b69b6","first_seen":"2025-12-18T05:17:53.579537Z","last_seen":"2025-12-23T06:04:28.272284Z","times_seen":39,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_28e4cd62af.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_28e4cd62af.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 291\r\ntraceparent: 00-40e9b35758b940b18bb7b4eef7318c95-c4e2cc25f740ccee-01\r\nlast-modified: Fri, 19 Dec 2025 08:26:38 GMT\r\netag: \"a27949b457876031d66e4455977714fc\"\r\nx-amz-meta-mtime: 1766132715.693527996\r\nexpires: Sat, 20 Dec 2025 08:40:39 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 47035\r\ncache: HIT\r\nx-cached-since: 2025-12-19T08:41:30+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":291,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"Java source, ASCII text","md5":"a27949b457876031d66e4455977714fc","sha1":"8d09a1c998be07988b32c63b55f215a292483b13","sha256":"4b2c1caa982c29f9ec2776ebd1b43e946b65d79bb2c75584d17da12d3a8a7386","sha512":"9e4fde345abbe49ae091f82d503ff51085d40461c29dae53c8f6a2b9aec4eeca2b4ba35fd69b8f6a0a328820ecb419daa59ccdf75e0296b07d7d617e09227c1c","ssdeep":"","tlshash":"cfd0eb397ff0a0f43305a8ff321e308233093804530ac4a350a7139801e80f5a239e3a","first_seen":"2025-12-17T19:40:37.013302Z","last_seen":"2025-12-23T08:34:05.694339Z","times_seen":62,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/css_vars/d47c7051b33fd4cf012dd1ba88ca9381.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/site-admin/css_vars/d47c7051b33fd4cf012dd1ba88ca9381.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: text/css\r\ncontent-length: 44\r\ntraceparent: 00-1a7943bbf133b74ed6f520fa7f3d5e27-97a302f125502ef3-01\r\nlast-modified: Tue, 18 Nov 2025 11:33:29 GMT\r\netag: \"d47c7051b33fd4cf012dd1ba88ca9381\"\r\ncache-control: max-age=3600\r\nexpires: Tue, 18 Nov 2025 14:06:30 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2342\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:06:23+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"d47c7051b33fd4cf012dd1ba88ca9381","sha1":"e8f4a550dc1526e29bbf41e19812174061129e0d","sha256":"d23ddf603e1bea345e3f913800e533ecea691174a25c9f0a40ea8b6eb17e4c95","sha512":"67ba4c3cbeb528f80648ab2833e973436b5f58817ebb69c754b06e50370f279bf18d0f6abb031ebbabb75867e0691cba11b3dc33ea9e85da3438a7e40510ef49","ssdeep":"","tlshash":"729004d4f50c33503455c75710dd44d111c4135f4511355cd5533c11f443c40cc505cc","first_seen":"2025-07-16T20:50:43.408412Z","last_seen":"2026-03-26T08:17:17.906604Z","times_seen":1364,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/desktop/media_asset/e6baed4eecf4ba7f9a5c2fcf97aad110.webp","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/desktop/media_asset/e6baed4eecf4ba7f9a5c2fcf97aad110.webp HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6642\r\ntraceparent: 00-fdd269aea9bf84281d809937ea1fa993-94baf9b16b1b7eb3-01\r\nlast-modified: Tue, 28 Oct 2025 08:17:54 GMT\r\netag: \"f2a90faef41c53fb4af747c8cbf25485\"\r\nexpires: Mon, 08 Dec 2025 19:01:33 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1357\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:22:48+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6642,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 960x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f2a90faef41c53fb4af747c8cbf25485","sha1":"54855a9fb307c4ecc9afea135838328cf439162e","sha256":"993540582d4cab4dc40ba13392f7460f30f0b656ff1e413abe9c20387000cc92","sha512":"c6f5e9a6238a864affd37952ba241b4e5a01dbfad9a18e22b53ea00e6f3acbbf114a5752f0b5faecd89efa6d24990df365113d7321543d0d44cfab1987f123a8","ssdeep":"96:MdOd7t6i+bJODeMN38LbY5gZQpRDH/ij1TgpEV6iuRjxNY4wos4RWNFCjMzlAm92:MduSOXsv6DfiR8fisNk9X3qUhpg","tlshash":"d7d1b074a2c81a958a299e763e763dab6e81039c31bcb6d674b5d5c8c50843fede7030","first_seen":"2025-11-13T15:27:51.525317Z","last_seen":"2026-04-04T17:37:53.418064Z","times_seen":1110,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1707728419/stub.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:35.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1707728419/stub.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 19 Dec 2025 21:45:35 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 12 Feb 2024 09:51:01 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"65c9ea05-186\"\r\nExpires: Fri, 02 Jan 2026 21:45:35 GMT\r\nCache-Control: max-age=1209600, public\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:24.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-6f478b5764b5d4f479d8670859626fa6-e2d4f2213c5bccc9-01\r\nlast-modified: Fri, 19 Dec 2025 11:41:07 GMT\r\netag: W/\"bea5b052c307601192270938523fa030\"\r\nx-amz-meta-mtime: 1766144375.519919015\r\ncontent-encoding: gzip\r\nexpires: Sat, 20 Dec 2025 12:01:23 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 35041\r\ncache: HIT\r\nx-cached-since: 2025-12-19T12:01:23+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21252,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21232)","md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-1103/desktop/media_asset/356c384ab8ea74fc9c238a4192006816.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-1103/desktop/media_asset/356c384ab8ea74fc9c238a4192006816.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-837593.top/\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-33dcaf0b1758620be5c52c9dd4edd4e9-33bdc3885f75452e-01\r\nlast-modified: Tue, 28 Oct 2025 08:33:52 GMT\r\netag: W/\"8ba5272de1a0d518402fa328c33804e6\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 18 Dec 2025 22:50:13 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.047\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\ncache: REVALIDATED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1712,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8ba5272de1a0d518402fa328c33804e6","sha1":"ab5afbda12337a29c4862b2b19cdb9e9f53154cb","sha256":"6f70a82334d9f5801ceb19d6356a63792a31ab3aac81cf31644adc806a873c81","sha512":"54797cc0ec8ca9502adea2c128a59c738f56b9734768003e137a3bce13d81eb8eddc055f072e5c445907f5d4d28bbfc8896557bbf241645915938f0c2e3492b3","ssdeep":"","tlshash":"bc31c695fbe06cb3303f90ad99b7b50ed3880f13ad56ac54baac394c2b54516006ad3f","first_seen":"2025-10-28T08:50:41.526031Z","last_seen":"2025-12-24T07:52:07.872206Z","times_seen":1298,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-837593.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-1251ce9350ca222e06237e54aa7284fa-880c4b81904170e5-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 244\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:41:21+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-04T17:39:02.424617Z","times_seen":10176,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:25.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 16 Dec 2025 00:00:00 GMT","end":"Fri, 15 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"2C:ED:08:D6:4A:C2:81:ED:6F:55:AB:70:5D:D3:1C:9C:1A:5A:9F:05","sha256":"8B:2C:5C:5C:1A:73:14:D9:18:4E:BF:B8:81:B4:A3:EB:D9:E7:55:08:46:E5:70:6E:6A:AA:B4:07:73:C9:57:C8"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 19 Dec 2025 21:45:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 653\r\ntraceparent: 00-4406331d298cca27b00983d9ffe78363-6775f3d6788d5764-01\r\nlast-modified: Wed, 26 Jun 2024 08:18:02 GMT\r\netag: \"e6f0766cbd95db33da44e7a9140648f2\"\r\nexpires: Thu, 16 Jan 2025 10:46:36 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1155\r\ncache: HIT\r\nx-cached-since: 2025-12-19T21:26:10+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":653,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"e6f0766cbd95db33da44e7a9140648f2","sha1":"5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf","sha256":"c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0","sha512":"249da39baba03408de98c7fa9a9342ef120436037ab6245b3b4a5f1a206291caaf67481c6ed67064544576697d41ab82499abffec998d837812292a050bf826a","ssdeep":"","tlshash":"90f083e032254a855c02ac7fc33414448fb226cc3682bb09e012887119d24a79dd1368","first_seen":"2023-04-05T22:56:35Z","last_seen":"2026-04-03T12:07:45.643999Z","times_seen":6597,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-837593.top/en/block","date":"2025-12-19T21:45:34.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1/23802/radar.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-837593.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 19 Dec 2025 21:45:34 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nLocation: /1707728419/stub.js\r\nExpires: Fri, 19 Dec 2025 21:55:34 GMT\r\nCache-Control: max-age=600\r\nVary: User-Agent,DNT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T17:46:17.157563Z","times_seen":13340936,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":46,"dns":0,"connect":19,"send":0,"wait":21,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}