{"report_id":"339d2046-ac7a-4b95-987a-6312d36ccbdb","version":6,"status":"done","tags":[],"date":"2025-09-26T06:10:50Z","url":{"schema":"http","addr":"refpa37630.com/L?tag=d_59749m_4096c_[]ALL[]null[]null[]general[]23362-103812-9792665_d30845_l112421_clickunder\u0026site=59749\u0026ad=4096","fqdn":"refpa37630.com","domain":"refpa37630.com","tld":"com"},"ip":{"addr":"91.186.207.144","port":0,"asn":0,"as":"","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"title":"1xBet"},"submit":{"url":{"schema":"http","addr":"refpa37630.com/L?tag=d_59749m_4096c_[]ALL[]null[]null[]general[]23362-103812-9792665_d30845_l112421_clickunder\u0026site=59749\u0026ad=4096","fqdn":"refpa37630.com","domain":"refpa37630.com","tld":"com"},"ip":{"addr":"91.186.207.144","port":0,"asn":0,"as":"","country":"Iran","country_code":"IR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-31T06:10:50Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"v3.traincdn.com","ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"domain_registered":"2022-11-10","domain_rank":256434,"first_seen":"2022-11-25T10:00:40Z","last_seen":"2025-09-22T01:30:50.818803Z","alert_count":0,"request_count":65,"received_data":5734724,"sent_data":32827,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"1xlite-93399.world","ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-06-10","domain_rank":1401746,"first_seen":"2025-07-15T22:07:22.317703Z","last_seen":"2025-09-22T01:48:07.200811Z","alert_count":38,"request_count":19,"received_data":967216,"sent_data":49559,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-09-21T22:11:31.071214Z","alert_count":0,"request_count":5,"received_data":2036220,"sent_data":2261,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.google.no","ip":{"addr":"142.250.74.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2001-02-26","domain_rank":92680,"first_seen":"2012-06-26T23:22:08Z","last_seen":"2025-09-21T22:11:30.846888Z","alert_count":0,"request_count":1,"received_data":580,"sent_data":865,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2025-09-21T22:11:30.527953Z","alert_count":0,"request_count":2,"received_data":1236,"sent_data":1791,"comment":"","tags":null,"fingerprints":null},{"fqdn":"refpa37630.com","ip":{"addr":"91.186.207.144","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"domain_registered":"2025-07-09","domain_rank":562278,"first_seen":"2025-07-25T20:40:25.619787Z","last_seen":"2025-09-23T02:37:34.518076Z","alert_count":0,"request_count":1,"received_data":253927,"sent_data":597,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"radar.cedexis.com","ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"domain_registered":"2009-01-07","domain_rank":28156,"first_seen":"2013-11-27T02:31:43Z","last_seen":"2025-09-22T01:30:50.806867Z","alert_count":0,"request_count":2,"received_data":1415,"sent_data":852,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"region1.analytics.google.com","ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22257,"first_seen":"2022-03-17T11:26:33Z","last_seen":"2025-09-21T22:11:31.293382Z","alert_count":0,"request_count":2,"received_data":1704,"sent_data":2068,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/77b401ad5c.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"670fa8e5c6b227843fb8d3ff8114d346","sha1":"f071e3dd1eb20508fc9dbc44ec023b620c0d0cb9","sha256":"23c5a22a417e9ce45446413ee45fa5098ffccca9859047e8ee08f227677ffd8c","sha512":"b1c49452665cfbc1e493f4cb0e8ad32305f881b54a162668b38073108d5606ed3fed0236d34d98a143b24300a0b95ce937884aef81a2a77c5774fafdef3ace2c","ssdeep":"","tlshash":"a42167703034e52b4bfb1bd888671451f72c3258672671d177cc6ea142a9506926e767","size":1164,"data":"","first_seen":"2025-09-24T10:08:54.271062Z","last_seen":"2025-10-02T07:15:42.634839Z","times_seen":193,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7e381af68a.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"d6a027801db4c1d6536c15243e2d00f3","sha1":"9aaed4050d0bfe2a02b1b29664a01cf37879bed0","sha256":"3265763eaa32326200f4f271f0b9e5ec907d69eac1036426deb31607e02fb17e","sha512":"4fe4b085a93a4284a08a989bac26185fa62930a2904a96005245b8ea11782fbff08a3fadc7da95da3fcc6be3c798810accff433a21aa8c5b424c2500acfd81dc","ssdeep":"","tlshash":"ab11487830f5d054f76a58ce7d29207a537c1904370da8f2f3bd459610da096d5b7d8a","size":947,"data":"","first_seen":"2025-09-24T10:08:54.306524Z","last_seen":"2025-10-02T07:15:42.690332Z","times_seen":191,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/Page.Block-83a33183.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c1d6f4fe59161af2cb3426ac40f8979","sha1":"05cc3ca5df736934e9f630b456fa4e6910d45e14","sha256":"44479f0c94bbdfd4e0665f5cacb8d21c79838faf0626a361b938faf9bd04e2cc","sha512":"3b7b943e18a889cc8c031b8e579d14f133130699280581f7d8c02b355fadca6b8419d22830f0ad5906574541317f71221bdcca38af75764aabb8c0096f57a66f","ssdeep":"","tlshash":"4ff09e9f5472fc8d95e610d343b7c1f7b48c7a7a0649596046a1c8b532f785a4c2124f","size":476,"data":"","first_seen":"2025-09-24T10:08:54.34525Z","last_seen":"2025-09-26T07:36:11.209076Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/runtime-c8eb0ac0.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"8a03bc8048aac7906955d98d697c5639","sha1":"7861306ed76d15b4c7e7f2f2bfad5aeb1575bb90","sha256":"efcd061b79d887eeb1ed526c8d44117996fcfd82c2eae11ba066072f8b48bcce","sha512":"6ec1945b287336576b56b6ab1ae6ab53b8229e917664e99a201d59620668f3824e7292ecc35589607353c6768716a7367c32126fb1d4e46b8b89f20acc8f59ba","ssdeep":"384:xe2xBMWItnjn6hy4sQr/BMWItnjngGFGs03vRuzXMy1WI:06RItT6hy4sQr/RItTHsV/QzMiH","tlshash":"a6721e9d6f1acc675d62dcc338213d25586824375c4607ece6fee2194008e68b6afe2f","size":17477,"data":"","first_seen":"2025-09-25T12:54:38.931714Z","last_seen":"2025-09-26T07:36:11.236453Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","size":865,"data":"","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/792ed53757.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"f6056e830277be5c82779b6fe03d9e4e","sha1":"6f9b1c2f40091dbc71ba4d671adbf12d6e0cfd73","sha256":"14241f6033a8bd3219707f87df1af25202b099a44e9b68b3e834838f67fe5668","sha512":"a2772723fb3c2bbc5d5c6ce4d476b0a31c69bd64000987f8554c41873d89a205cfbc847a88433d9578d4bd06f15ae597ded183807776441180f5ff3bfe4eb3ba","ssdeep":"","tlshash":"6261c6c578b960f9790741cd3d927070e39a1db9139c05b1f2f9888823bd6c45b2f69b","size":3205,"data":"","first_seen":"2025-09-24T10:08:54.342793Z","last_seen":"2025-09-30T08:01:23.58765Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"eval","is_inline":false,"md5":"f986b9aa3ebe88a7b180e80807af68fb","sha1":"3f3e91b75cc4d69e21017a4f51168c9406fe6f40","sha256":"b0753c6a5fc3b7f57c7522a99e5eae37bf8ec07f7ec51ea42e4eafbe0c5d96ff","sha512":"0c2e9d3b0af1f770f9693432193524df98185b2f7f5f4edf546317e7f6084fdb3c4306b9bca33f1f98b3c716f140dee87ee4f05aedd78050140dd6f0395740f3","ssdeep":"3072:ROt+kWhgXic+c4HOjpb2A76W/jwwKFwJykDaZn8tog3MbGu7rf/tWbuJ:TicDcpb2A76WDuwJyVN8N3Mqu/Ab+","tlshash":"3d7472bdfebbdc29b2890ca272f15d59d5a81fa500dd8159a707ff0fab45c35a238801","size":350176,"data":"","first_seen":"2025-09-26T06:11:02.597523Z","last_seen":"2025-09-26T06:11:02.597523Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"bc51ed8c76553717f10d58b2df60fd76","sha1":"e2d03a8fd8d280074b226c288880f9df299c7cb1","sha256":"bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c","sha512":"3207379b65060d0e80623fa966633b5ea31358b20de9aeb2c9416fa7d29f1972bf30809e39f0b826565e569d856dd2498ee0ec5285271c127f54daa7cf391911","ssdeep":"","tlshash":"489004473441140c47d7175410375c4c0c1500705441df400451dc510d51031114545c","size":39,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-16T20:55:29.198302Z","times_seen":13408,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"580b3e56fc9ab6e8b4655f43ee057cc1","sha1":"5dfce565e446f4a167195de9a1a5dd26163c711c","sha256":"446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382","sha512":"b2350579a3aaa5843b9b16c31782f3d7a4b850ba211d0074aa05d819c89ba49b482eb59aefcfb33f9fc9b270abb7cf7509e1254def23e9f98c116130c47f0018","ssdeep":"","tlshash":"e99002491d851041c56a1160041e1888442488761a40d8d1c480d9551c51630238e45c","size":47,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-16T20:55:29.19656Z","times_seen":13400,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"94361ed86ab9b2fbb8d805c2025df46a","sha1":"3f428332f7a1c7196a85c93a373a966d75708c19","sha256":"eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a","sha512":"c8f4fb7c642357730c6c59e0b49fe3ec16c228d83d4ce402dc62f01e451529b8087240afca37096cebdaaabf47c189dfde5e6e2d780440f663f0e2bc8cf88ff7","ssdeep":"","tlshash":"f6b012df6c8351104a9292e001dec8f0443620303b00cc45544ce7716d2e865de2625e","size":96,"data":"","first_seen":"2023-12-06T14:32:27Z","last_seen":"2026-04-16T20:55:29.171014Z","times_seen":7960,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"efdaee76d7af312ec07945caf9a4449c","sha1":"ae90ac4e33fd83f1da1429c476ec7e3bb381a551","sha256":"d272ead1facad93df482a97cb086bb2fe3d1dceb8293d7b8a13936b199e251cd","sha512":"dad4feeda66e9f91b09f2f2bdc1eb9f56694c956fa10efd891ae0a139ebeb98f81bcef1a86cb2ca7ee85257d963e0d9a14554e076f1a3be15a8cb5fcd965d09f","ssdeep":"","tlshash":"2c31111eba1cf0370511b7fad53f7309eb3318956925b40894a0e8a9ac74d4f5517ccd","size":1736,"data":"","first_seen":"2025-09-25T12:54:38.95524Z","last_seen":"2025-09-26T07:36:11.242539Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/DC-d7f81eae.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"f7ccc8398ed0b910f1918fdebc2b20e1","sha1":"ea59dc9109418674d9795ccd3082258f18ac7815","sha256":"2076de92461a6c3b76ed6c987d61f3fdc225dca5ed71bafc854554fa56d6e8a3","sha512":"580952f877345de45889f2d272c412d32c2c676be42eab6275963b19343e0a87af56eab11f6ff5ad52a02fe041bd854956fc8a6c1a2076fe13547e229a504fc1","ssdeep":"","tlshash":"1041840931a4fc11d3fa1cd869ff7506102bf076648dc9b4d7a36a8b08b7f6aa217916","size":2201,"data":"","first_seen":"2025-09-24T10:08:54.288795Z","last_seen":"2025-09-26T07:36:11.218215Z","times_seen":52,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"eval","is_inline":false,"md5":"82002607990a1657b5204f2b635bcfda","sha1":"dfe1d4bafb6e9ada2a84b8003d5cfe9ded329527","sha256":"53c2a86a80d975468e22b2be31509d8b95776b9700d195c28157495b32f9ceec","sha512":"2237a297629c3c38ee92abb78a96ef03f513d172791f3c9fdb229e65ec07f79389719866cf127719ead83ccfdfa2be0c83dbaf57ca2138b431006b40d3ba9a41","ssdeep":"","tlshash":"fa514111e03c5a3bdd37052e920b7f125fac55a26a892f5cb61c4b7c26d60ce91136cb","size":2687,"data":"","first_seen":"2025-08-22T10:11:14.627317Z","last_seen":"2025-10-15T07:13:10.145281Z","times_seen":742,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/Betting.Core-413070b2.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"f094a0b6b28c3642bd4b50b8f31b5abb","sha1":"7405b64f62938fbae640a241808b5cfc89c38426","sha256":"8bbc90bf03cb6d04ff808ff6f88cdfc006166683fe3b36fc914433e5fec307ea","sha512":"d44f1ea57248c05b4110e074acddb08bd84e583140526644c8649799414c0a5f7c8dc3120374241ef4a0e7cdc2b3ced184c121aab27235a2549095310892f799","ssdeep":"","tlshash":"0b41094a74d37884037e04ca41ff16e1f0a82eaa294c05a8e1829ae074b4ac6c0e7fc6","size":2078,"data":"","first_seen":"2025-09-25T12:54:38.951495Z","last_seen":"2025-09-26T07:36:11.176598Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"2092af1a5ff714fe557788d0c0cf7e8a","sha1":"5e883902207e4a5f957bb4a98fa3631bc40770d6","sha256":"1d2aee86e0eeb7540fa93fae6c3f47d5c8416f502473044727e2996240f6c430","sha512":"cd0e89dc0858ba642f71fbfd9c8acde14b313704755401750b6a5ad077f7b48228d3129d9a582f283b4210a7fc6b9c6d09fdcc2ef60dc645447a870b576b9f7e","ssdeep":"768:F7If/w9984iH2Hgrm1WDSVVsboBem967sePAGNsQfjCzPhCCLiLhT/rAztF1TP7f:Q6HWmQF4B","tlshash":"db83ed557de38087d3d393c6963f80d8e97504cb2ad66f488852ba27f9ae85783d4833","size":88723,"data":"","first_seen":"2025-09-24T12:37:05.164235Z","last_seen":"2025-10-24T09:11:09.932463Z","times_seen":1173,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/destination?id=DC-14030178\u0026cx=c\u0026gtm=4e59n2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cacd1a3a71c259de2526c097de7a9e1d","sha1":"e348431c649f95e83950af8768b0af47533d5921","sha256":"94c9c7ad5595c96a5dc4fd6b68cd4d07c948e60d0c1c8db7706e25d40bbdcb39","sha512":"d470d051de0799cbb3668245616ad3a185ae5728e3bd9f48f5c7d0043094b87dad431bd6f438f94d4dd5d887db149044d0d28cb4abae17a20cd2a358aea94405","ssdeep":"3072:yd2Lu/D62GmMgZOp90RP18YqkLPW8RthKUfgHwa6z0CZzm/uuxB/G1SvuV8fA3KU:bpmMgZOppYqkD1gAm/9G1SvuVcq+CR","tlshash":"a16408cdb3d674664393a478503f004bb1bb6992f84cc895f186d8e42e74aaa4277f7c","size":321118,"data":"","first_seen":"2025-09-26T06:11:02.545827Z","last_seen":"2025-09-26T06:11:02.545827Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"1c99e5674ad15e63b79757c226df4b6f","sha1":"2cc31713bf1c1c5095d15dbad5e0c2c3b850ff6b","sha256":"39b9351d82cb646a32d381f9f3fd72b4d9902f6679702aa6bcac24ff773278f8","sha512":"4332f548d65dacd9f53ef5b77dab0e1fc20277111c0492fcd5b2ffa7c9fa30ac7ebedc9d56f2d13dacd9a062e8e78e46586fa4a1b241a567d5d1f898c681c793","ssdeep":"96:Dhgx8q0yK9g9ktQklIelj+5JJqmQrv/gKrkhZkaoQFuBMOfQtSbNClc2:1gCq0vaktNew6RQrv/vkhIQtSbNwc2","tlshash":"f0d1c492e41cfa2fdc23881ef07b2f310e44196979927b10e6bc872d34931b5e317646","size":6284,"data":"","first_seen":"2025-09-25T12:54:38.95727Z","last_seen":"2025-09-26T07:36:11.24448Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/vendors/plugins.vue-notification-9c2cf5c4.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"1ec400a7033dda7754ff43479ecb9bbb","sha1":"e4359089c1819d6cf4dabfb1db69840d8f598425","sha256":"9e3a19d44f125ffd4130c4ff0faffe12bcff7663f11d14a369aa430820c2fe95","sha512":"a2b448083f1af675828a2e0d256b09ae555ad6caa47e6188d2dad4cee7d77787ce08cec5688bf6178f0804348a7c04295cdf51daaf98005c11a14f5ca916177c","ssdeep":"192:0U1hQXHv3CbfKpqEVwhSIkrReP+SdHtfGA2D3ow5EE9bJ52bFZLy2mp4ilVk:0n3CmpcDkAP+S/fGAWf5VbWbLy2mmijk","tlshash":"5d4296ceb2c2b4650be760b6402f110af136a96869ab54d4f3b1d4f2adb564c413bf39","size":12563,"data":"","first_seen":"2025-09-18T09:12:41.672202Z","last_seen":"2025-09-26T07:36:11.22234Z","times_seen":188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"32053c9c355cf85427a5cc3f07de0b09","sha1":"f3c13d6a657ffa2ca8997f54f4779f0c02f1600a","sha256":"0ec410318f3ecc3a3aef3de68e99190845248bcc12282aa15eb9acc87f8837d3","sha512":"cbb8c7ef0bbed264989bf5b4af7d216cdeacc5684641c37d429e5ceca7dc04e55254e81f319cd856e7b4f447565bf5abf4e9915f5725eb57cfb142f113362078","ssdeep":"","tlshash":"2211756e18ed58291a9275c402b7ccfc642036363219d4c495ede9e1072ff990032f5c","size":1024,"data":"","first_seen":"2025-07-24T09:34:41.13762Z","last_seen":"2026-04-16T20:55:29.061413Z","times_seen":3895,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/hd-api/external/assets/hdf.js","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"0009b06af6892358f6c573335f102046","sha1":"cb899ce5fb6756d389a12e5049f2180dec2366ed","sha256":"540a50ce4665aa5a15e6afcdf7a260860e1896e77955c7ed128d1e6489bedac3","sha512":"83e9ce72ca4725bf501fe711538455aaa2fb278095d4d3938615b1907416446b8a8ed1f4f34fb296ea4c9a6d6b6e0fecbe31afa240305e7d23baa4145b2cd1c8","ssdeep":"48:Pen1yuqKi6649JoXznZwhU6fINwld0mPr6eC5/F6ALWBl/NR3vMNNeEcxHb8JiTP:Y1yuqKioolwHgObfENerHbkiTgRx05","tlshash":"d581323660ee2d3153639052d53fe5e9f229a8073968ec4831fc588a0f40f6189b2e3b","size":4203,"data":"","first_seen":"2025-07-24T09:34:40.995531Z","last_seen":"2025-10-16T23:35:31.258248Z","times_seen":2029,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"a01893d8e129ad16c1e0fc5c7537f411","sha1":"0e46d1bf2718f848d9d596fa269eaedb31204772","sha256":"cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175","sha512":"074e309b533fc11690afbeab9b4dda85851e086c0ede97936860c7a5c4120ed9a16c6ced4fffdad21ca322f6c6e51577bd4966c5264b4a9780495acc451aee65","ssdeep":"","tlshash":"0d9004f515405350c5533d54401f1d5400f105703c40cc71014cdcd10c710f0335d5dd","size":47,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-16T20:55:29.177118Z","times_seen":13397,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3da27d3a8f068fb44f2a4276171cb873","sha1":"9e99f756479240a0c8ce2c606b97171a40b5c506","sha256":"9660741eae54b6da07e49fd9f25a9f35fff78ba6a0ea92f17026ee07cdd71448","sha512":"c004756b990b42689c482354af67cc8227985a69fad1ef47bbc3e6c0318d4d8a58b06ddd3bd131cc34cb8bea552480e4e9c871d1b2f7441708df0dbdd0681f0a","ssdeep":"6144:OpmMgZQpZYqkD1gIuq/RPG1SvuVce3CLq:8mWYlJ/Dm","tlshash":"e2742bcdb3c674664392a478903f014bb1bb6992f44cd894f186d8e42db4aae4277f7c","size":358019,"data":"","first_seen":"2025-09-26T06:11:02.544028Z","last_seen":"2025-09-26T14:19:11.839187Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/destination?id=AW-16664555628\u0026cx=c\u0026gtm=4e59n2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b732b4ee136628f7d3c4015df8b21cb0","sha1":"b4b2907ae3017d9c9bcbde949207db38514e3e45","sha256":"d6fcbd56e4f9a22285afccb9b8a19afc9052a0b5414ba8ae8f89cb4c242e150b","sha512":"8fb262ad000f2b1621226c28410aa0bec7e969e49675fb67d0a647e5f8b846c0f6f0f068e81f893543a4e3bdd8bd521c48116465a23278728fde9c1939d98117","ssdeep":"3072:wFLz5MCu/D62GmMgZepV0RP18YqkLPW8RthKUfgHwa6z0CZzu0B/uuxtA/O/G1SE:mpmMgZepxYqkD1gIuq/RPG1SvuVcxUt","tlshash":"7f7419cd73d674265392a478903f018bb5bb68a2f44cc899f185dce42e74a9a4237f7c","size":367760,"data":"","first_seen":"2025-09-26T06:11:02.590335Z","last_seen":"2025-09-26T14:19:11.77187Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","size":1232,"data":"","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-20da4d518d.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"8d108058058de66245a8ee542525803b","sha1":"fcbb66885410e09d3333846fc3ef1da5efb01444","sha256":"5ff9dbafe7d7e6485c1ffd410778755a77e543c54d2d60f97e393c9604edbacc","sha512":"c99a841f9a29917f11ecff3c45a9ae3f250ae080cc2218c786c085778157def1bbfc7b9d327c971b6bfe45cb6e69094308ab5bf83108660c3ace5b26830f0000","ssdeep":"768:HpKJtdVXvHtm6ijJl2og1RExitQcSdW4nfd9Zig9NYVH/NK44vu3rLBLNqb6jMJD:wFVEbFg16Vf97u3rLBLNqhaq","tlshash":"93d2a37834a7b4b561da99986734bd5396c80f5fe88afcd242cb8caa13d314880527f7","size":28560,"data":"","first_seen":"2025-09-24T10:08:54.265846Z","last_seen":"2025-09-30T08:01:23.522694Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/vendors/app-07a2126c.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"2702d767e9f58d61755e2dacb0f8cca8","sha1":"2e4669289af82390a559cfd61d68d5297d227fa8","sha256":"c4d7ce1f5722bbff73dc46399f8a8d4cf88aa2d4c519e9137a1f83c1c1ce9752","sha512":"c32a6890b626338019170763e5230c5af93f7b24b6585ff90ddaa9f197a285e890a8c1a916368bac56bf3dd9f3b8992be40b252fee3475a84ef1df5ee4c966b4","ssdeep":"12288:VbdQhOyvjhdeY4g1SCCmH4tohcxIz3oE/DTg:chOyvjhdeY4g1TvW2K6P/vg","tlshash":"2d154ba9b585f2560aa32be9d06b0017e32d5e5ebc0ce444f2e7cdd53a59804713af2f","size":947111,"data":"","first_seen":"2025-09-25T12:54:38.917274Z","last_seen":"2025-09-26T07:36:11.18723Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6afa6df928.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"f07d1a740a9a1b3f5b0167d0bf44e4d2","sha1":"7ef2209143f924410b0cc7ccb9867704b1af329f","sha256":"ce4b70d82ecefb017a88749072769e6c11eff89a36e3574a1b9f906a80a0c54f","sha512":"f28d311f859508d50873860d4057947db4ed23b7b7864740d9ad292fefdea3dfe6a6e214000d52a65c0036774fda3da02159d7d7619417db40646b1e00196964","ssdeep":"","tlshash":"b1f002beed31a160a10244d95d5aa422c6c43d67075a74e481e94653b31209795065c7","size":614,"data":"","first_seen":"2025-09-24T10:08:54.297813Z","last_seen":"2025-09-30T08:01:23.511669Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/analytics-59854012.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"08d75d31423f86d2a24ef652ee3620c8","sha1":"89a678d6a3a76772f0c1f7e06c60999761697794","sha256":"2e5413ba88dcf9b9b8ddff376f9af2de6c659b0d8250ae345aacccd651975681","sha512":"7b2dd4e9f5fba16ebcc0e18a652df8390f5e8c5b6a755e6de7cb3b010948801e4af14865675f5a8d7a5e580cde770046f324f74dae90054606ccf6b09d6fbddf","ssdeep":"192:+vO+jPZxnEW5+vxj33Veo9Rshu1WafwRWJ3vQ9O5mPQzuwVvOSRxGMkm:yjPZxnEW5253VeoHb1WafwRWFQ9ymPip","tlshash":"6902a68dbcc8e43007fa19b8e67b9a0ae07a17173405c451caead8c43d7ea8f1117e9d","size":8845,"data":"","first_seen":"2025-09-24T10:08:54.33735Z","last_seen":"2025-09-26T07:36:11.209675Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","size":390,"data":"","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/main-static/6f67e0c5/check-ob.js","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"c065700c9c8c493403359e1f2baa10d9","sha1":"4630fe729e70bdf63fa7ba6c84ec277fd1f51030","sha256":"1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4","sha512":"b2e1c73cb94f5e3ceb35c3662bf4d72baf800a9a7c64318b1db07d50e9c885dbd94821ef3b3916d1b8b4fabb8f45cb588834b41c6a8a7f4d2c3e9c3866083ee7","ssdeep":"","tlshash":"96d0a79fb900211406939267d12f8668807724973f008182500597e069b8f4c4b37895","size":219,"data":"","first_seen":"2024-07-17T14:33:52Z","last_seen":"2026-01-22T06:40:31.153166Z","times_seen":6298,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"3e04ab2ab3b35c9221c37ae25a554a43","sha1":"da9b1f7d8e256fa0e54937b805cc6e720d39fa85","sha256":"1402bb55ed3a2e33174bf4db793225854064e31361d00cdebd15bef76aadf567","sha512":"7e1ddf92b1b096a97d885838ef7b518de1006f55f8684ec493ee99346baa07f38e6cf28a60fee1c3355a6c79e0b3b40785bf23e3539c5c94135ad22e5134fc33","ssdeep":"3072:95dFYtmZJNmcnJZz1Su/VHI4fmZJ/mcnJZzMtJHR/98kDhu07W54Fn:fdOQnRZ/lanItzDE07/Fn","tlshash":"d924842f690c1c3e911f2fa9854f7d4e5b7c9e2a20cb6c11dcae6e2914e7694426343f","size":228169,"data":"","first_seen":"2025-09-26T06:11:02.611016Z","last_seen":"2025-09-26T06:11:02.611016Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/vendors/plugins.vue-js-modal-957e9f20.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4bd4f674fe0ec04a09b7f1705abcc78","sha1":"ef8ee3b7c37705984ddbbd10e264ab2a22bba7f4","sha256":"2bdd900bf3ca36d7b753a320c9fd1151f29d3cc47a303b7345fb968bc01ee3e8","sha512":"31142c53a5b64ca7823fe57acaaf08bc5a433728a13a3be3ac025da6bb68a974355dc918d7fafd28506fa47abbff881828ca24b99fe4b790d411753f03ceae03","ssdeep":"384:vBy0a9vOeCGAZIXfK2rVsAdm00uow4HQEjacGXGQVe6ubqE:SHyIXfPt4wE9GXGQcbqE","tlshash":"d7c2288977d8307442db5563627f2b0ab23e295074269888f772e8e65cb864d206ff3c","size":26667,"data":"","first_seen":"2025-09-18T09:12:41.674109Z","last_seen":"2025-09-26T07:36:11.195201Z","times_seen":188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","size":69,"data":"","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_IMSSW3CC.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"88a6fb60a16266cbe3ecb52fd8b93126","sha1":"eb542aa1fa7c81175d735276bc982753baa7a969","sha256":"992b792506b7364dbca69a628101f8ca3c278b1e3f5551e898d84d1537637b90","sha512":"3d9ccbd74fd0ca647ee3413cd66daadc156e03254f11feaf32e8786a9084734e36450753868cadf7a2c1fc8d59064a3bc047c0474ce46bce43566bfe758fea56","ssdeep":"768:GwZ1yyQBxrKWnaIlIO+jKr4R5Vx3zt7RH8PocaFz12c:GwWBxrKWaIlIO+jKrYVhZ7RH8PpaJ12c","tlshash":"e5d24c94b73abc62339d908990370713b27659e7484d9020f7e59ea231b5a43c2fbb7d","size":29933,"data":"","first_seen":"2025-09-10T10:32:48.528015Z","last_seen":"2025-10-09T08:36:47.172805Z","times_seen":768,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_0f97545e93.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"6f4d800a0f28df5fb48904c1504fc345","sha1":"fa4d03d18c76124ebc1db7386aa9e1a83ebb5a38","sha256":"039b56a4d68f9fb1c1c3caab68666f7ba2092548cf9ec050af52a5472dd2e130","sha512":"fa3e4a717e122659ffbbf8d5c3e483106c750040eb5400ad6dcf5c92b76f04eb51a5f0c62442ffc2ac167f93798447de33c5d4c435d205af6ae21a64d30927ec","ssdeep":"24576:qQO3ln7dgdFmUmKCE5/p6qs9/m82+nCAs49z:pO3ln7dgdFSKCE5/p6TCAsQz","tlshash":"98659d44f067bc222ed784eaa4770142b15c5a5d940aaca0f2faddf837ce551628fb7c","size":1478180,"data":"","first_seen":"2025-09-24T10:08:54.372708Z","last_seen":"2025-10-02T07:15:42.711174Z","times_seen":264,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"7bcdb973ab8af8e24ab11cb554a1ba6e","sha1":"24e8a10f240f2b06f81d7c173cd0a90606641fc1","sha256":"916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd","sha512":"1d890761e2a00081531fda5c0489ebf4df4140a9748bdc6d97bd355023e3e4ab09e19663ab319cf775e28ba71d99ab09f20d5414a561fa10fa3be2cb874484ca","ssdeep":"","tlshash":"e380044710411010cdd351d040573c44001044f114c4dc500040fdd11c53030110545c","size":34,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-16T20:55:29.206561Z","times_seen":13415,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4cc09695db8f48568810d71665594812","sha1":"ce91f061a58d4b9709738b0b20645152f93cbeed","sha256":"d7fa26b9676e8ab6d2473e064c5cd04c184b2296c0726f7d292b6a0f83d3f0d9","sha512":"347198d29bac6e03a5c4f1aab09894841a11c762f8fcbaea08cdf20b23a135f0e8f0e9f58c5bfecdeef613bd49f67565a1d783c5970558f55304ca579eab8625","ssdeep":"6144:PBJpmM2/0NpXYqkD1gIui/RPG1SvuVcUGq3W6D:5zmL2YlX/Dli","tlshash":"6ba4f98e73c674265396f478906f01cba9bb24a2b49cc8a6b1c9dcf02d7459a4137f7c","size":492757,"data":"","first_seen":"2025-09-26T02:50:42.659002Z","last_seen":"2025-09-26T12:49:16.716161Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/commons/app-c4e0fd47.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"7272b2d29e616d3c5ce30922a6fe5883","sha1":"7f980757167a1c08d04561267d87626327fa044f","sha256":"6d0a75a23c1abc8fc554448fbf3d36d3608214b0c5d72a2c193c82005804e378","sha512":"db1255659ce5ab4a26384abd045956e5e4ece557b991ebec349e91dfb9d5cc0a3bdd73a826541c41595fdddcc9509102829fccf5a1ad878da695556774d9d6d8","ssdeep":"1536:o0UiXH2DHJjIAG3wvvjE+gjmZVBHCrmh6G5YGf7BMr3y6MPS+PWKmjKPtF:HXHUp0qXjE+gjmZmmXYGNMrEXP7","tlshash":"3ad3d5dcf695b03117e721b5407f150bf23a7898680ac0a4f266e8d53db888ea167f7d","size":137774,"data":"","first_seen":"2025-09-24T10:08:54.322344Z","last_seen":"2025-09-26T07:36:11.231441Z","times_seen":52,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/app-7edc2b8f.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"03e0e09a926bb3695b2195ec176325e9","sha1":"50c1a2e65cd7668f6b99c58d27a24b5d89f6d819","sha256":"2ea8e0c7c619e85f37b8afb083197533fc87c0bc74742266363ddf25056713b8","sha512":"b50d0a61a9f63de57efe07746518c204deaa25aaf043ce5f25b4e466be1232654c976788f41a5d7e2fcd110cdbcd9f8cde3f58027d1475856774a7281daecadf","ssdeep":"12288:A/3cbVDPZ4KNk+SPgF7jcupM/7dek/YVn:A/M5TZ4ZgF7jcupM/73O","tlshash":"a2a45ca5b5c8f48a02f34bdae03b0061e33916a9380dd064f779fdca359bc05916a67f","size":485648,"data":"","first_seen":"2025-09-25T12:54:38.921717Z","last_seen":"2025-09-26T07:36:11.203007Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","size":1297,"data":"","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","size":30277,"data":"","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"2ff11c25bd2198e908b1dbbb12e99c29","sha1":"37d02026efb587b97ce0bb05618feafc04c57961","sha256":"12a06a70a85aadf1940b4826335d50ca58f10efb75e1c907140a386591086cc6","sha512":"d0259677c2bda4bebfe19416126d9966c7cc0a0b45c210a27c9e81e16f6e5d7ad54bef4a68729c375fa4500e9c6bcda40ba5ba101571b2e02c6376731312d6a9","ssdeep":"6144:eSZQiNBofgFPyA7mkkHIs9UfRrbg06TwHg:jQvYFPQrHrOfRrbfSwHg","tlshash":"2f64b57cfefb9c2af3c908a676f25559da642f6500d98249a703ff0faf46c05a234805","size":337093,"data":"","first_seen":"2025-09-26T06:11:02.621365Z","last_seen":"2025-09-26T06:11:02.621365Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66\u0026cx=c\u0026gtm=4e59n2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"697f0267a7db21072905460aa5230e90","sha1":"40f0f7d86936c93ef70e432508b5e337be98717b","sha256":"cb47d8434ea071d1130ba96d762ef5cc7e8446b9c3b141784d433623a3f3bd27","sha512":"ccc6f9672378ff8cc515340bb36f301351922179c3e19aa9c8ffdcc279eb76d421b7a318976acbbb6edd7eba6e255f16dccf78a994c834ddffcdc93cd2d138ed","ssdeep":"6144:PBypmM2/0NpXYqkD1gIui/RPG1SvuVcUGq3W6g:5YmL2YlX/Dlx","tlshash":"c5a4f98e73c674265396f478906f01cba9bb24a2b49cc8a6b1c9dcf02d7459a4137f7c","size":492776,"data":"","first_seen":"2025-09-26T06:11:02.523598Z","last_seen":"2025-09-26T06:11:02.523598Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript,export const meta = import.meta;","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6d772b7d405b447ecee54ab61cdd5108","sha1":"dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7","sha256":"b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b","sha512":"a3947640368602c9fd9dee887bb1a7e463890ff42e2ddd292c377593c5fad246d3e3363e9898cd1e5ecda9c59b5cf7c7cd0acfc2a5a1e5d3acec2cf0d62e20b2","ssdeep":"","tlshash":"1f800003800802380aa0c880028e80b00ab222203f00c08328088b302e3b08aca332a2","size":32,"data":"","first_seen":"2023-12-06T14:32:28Z","last_seen":"2026-04-16T20:55:29.217315Z","times_seen":7959,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"domTimer","is_inline":false,"md5":"01f4b51b4ba7edd00ad9f0a22259f06e","sha1":"00723d0eda4be61a7b1c542b0a08a94a94a60017","sha256":"9fdac1c31a22f55dbb8ca225ee28c3f7e88b41cce82968af0018c9f8b3bd35ba","sha512":"83d180c9960a53f88da3e3ff8616b4e095b7d642182f5855cfa386d48a19b888fedbde6433d1f926d9dd93d0a813a24590591729a6d8393543dfc490efee2070","ssdeep":"","tlshash":"29500000c000c0c0c000c03c0000000000003300c0c00030033000000c3000c0000003","size":10,"data":"","first_seen":"2024-09-21T15:04:59Z","last_seen":"2026-01-22T06:40:31.224966Z","times_seen":5888,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/1c99cd8ddb.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"dd40552dfc1f96b11eee0e93bed8e11e","sha1":"ea3d9191b850b52efd0fca9a483775a0e4391c69","sha256":"6978d2c2ba3b967b6d19039366cf78da45b0ea320d48ba7c00bcafab3af3cea7","sha512":"0a0f4eb8fabb069d65a1d6200544c02c16c96363b17d761df477563b2569bc670da5e900972879e95b6c435baee02cf89d05d047a123f17220c72550b345adc6","ssdeep":"","tlshash":"0a51d7dc6ef878b8280d8e5af41630619b481c5b36ade8e5f68d8f940320298e251e41","size":2980,"data":"","first_seen":"2025-09-24T10:08:54.350242Z","last_seen":"2025-09-30T08:01:23.622101Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/99f79ba341.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"22c9a2eb8969ba132021966eafeaaf05","sha1":"cce396fa70db1059e082c20ce6f892bcc096a4dc","sha256":"8ab830a034124318bace4f95e8d578a319730e4e6f09b6681e9c7d7d6af526b6","sha512":"18946c49a97ad078e628bdba7205fbb4ef1e9f224b23d5004674b4aa3f01301b9df4e3e2c536296733a7dc3c070fb6803fdfa2ab301210c940faec8e0a91dfa3","ssdeep":"","tlshash":"fb41a6dab2b035f7e677519ebd0660f0c2082b9d132f10e8dee9884e210d9d22767793","size":1973,"data":"","first_seen":"2025-09-24T10:08:54.344059Z","last_seen":"2025-09-30T08:01:23.630025Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/captcha-api/assets/hunt-captcha.js","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"cc87b27db434ca92aea6e1a1ceb5b78c","sha1":"905e65010d66d0bba5836f44cfb27ad9cda60051","sha256":"b7c2d216440e81574ce9b359404af25382d21f6d06b31162e1d56d97e721f117","sha512":"c93461ca41050b2ed4cf5724b61293de852034eb5cd9856e5af84ca3569584db0df14c267a9350839d3fbc4b536d416a56b8b7b0cc4f67c7770660212dc99912","ssdeep":"768:mfqz/IppUgutFIIfCpFujCbsboXim9ifscjA6NecfjCdjhACLiZhT/rAztF1TP7C:xEIW0BLIS","tlshash":"0693de857de2c08793d35bd6923f4cd8e87504cb66966f488812f91bf9ae86783d4833","size":90808,"data":"","first_seen":"2025-09-24T12:37:05.081519Z","last_seen":"2025-10-24T09:11:09.901149Z","times_seen":1174,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"00beb9884d0391b342eadd30744b539a","sha1":"3124c0bd593822379d22f13d3e08e70a1bf5ea14","sha256":"92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c","sha512":"6fa2e21df54ca406f570cb639529d68edac5de27fd4bc3a9daa8fd0465b583ede1c1cabb550237deb75d8bf88f39e80c1a77777d794826ad3272630108e58661","ssdeep":"","tlshash":"539002492940210685661152001e5c58411491b094906c9140429c551d52020125ab5d","size":44,"data":"","first_seen":"2023-04-14T16:26:15Z","last_seen":"2026-04-16T20:55:29.199208Z","times_seen":13406,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/vendors/plugins.v-tooltip-1f49d308.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b5551b940cbd9aae68abe990e25af0c","sha1":"9ce235829b357ad391ed896d870714e09b862793","sha256":"7c02b684fb5f7a71513d62737e5ca842e02342cafdb70c0bd4e7ac14992f7aaa","sha512":"5364a78fad28780ca2429f0fe07ca33038285bbf00da8a0ba71f305c013ed680f43043489d83e26e6af517b8008d26fcc6c4695d6596d8aa2f978777b1e77170","ssdeep":"1536:a7Q9cPRwafmGHK4qTPRSCv1MHDWdRfm5Xr:wQexuG/qTP8wqWRfmN","tlshash":"ce73c88e72d0f0b603e7b1b5402f620fb2776518b40ad454b2b1e6d4ac3da5da267e3d","size":76824,"data":"","first_seen":"2025-09-18T09:12:41.68522Z","last_seen":"2025-09-26T07:36:11.223592Z","times_seen":188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","size":21252,"data":"","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/Page.Block-83a33183.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/Page.Block-83a33183.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 476\r\ntraceparent: 00-f7827bdaed7cff89c6b8415596f51ed5-7497277dd796c56e-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: \"6c1d6f4fe59161af2cb3426ac40f8979\"\r\nx-amz-meta-mtime: 1758801842.763222238\r\nexpires: Fri, 26 Sep 2025 12:24:31 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63819\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:26:46+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":476,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (476), with no line terminators","md5":"6c1d6f4fe59161af2cb3426ac40f8979","sha1":"05cc3ca5df736934e9f630b456fa4e6910d45e14","sha256":"44479f0c94bbdfd4e0665f5cacb8d21c79838faf0626a361b938faf9bd04e2cc","sha512":"3b7b943e18a889cc8c031b8e579d14f133130699280581f7d8c02b355fadca6b8419d22830f0ad5906574541317f71221bdcca38af75764aabb8c0096f57a66f","ssdeep":"","tlshash":"4ff09e9f5472fc8d95e610d343b7c1f7b48c7a7a0649596046a1c8b532f785a4c2124f","first_seen":"2025-09-24T10:08:54.34525Z","last_seen":"2025-09-26T07:36:11.209076Z","times_seen":51,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/bff-api/config/group/get?groups=d.technical\u0026lang=en","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /bff-api/config/group/get?groups=d.technical\u0026lang=en HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nis-srv: false\r\nx-svc-source: __TECHNICAL_PAGES_APP__\r\nx-app-n: __TECHNICAL_PAGES_APP__\r\nx-geoip2-country-code: ru\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1920; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 742\r\ncache-control: no-cache, private\r\nserver-timing: dt_total;dur=0.077, bff;dur=1.54, wf-uht;dur=0.017\r\nx-cache-expire: 734\r\nx-cache-hit: 1\r\nx-dt: 285\r\nx-pod: R-z5qch\r\nx-time-ng: 0.007\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":742,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4eb311659e468207be5833d01806a6bc","sha1":"5470741fa048379479314630596a5491a24baa52","sha256":"614a8b74dbb5809ee856b8f0d67ef11d72c7b5d7180d3a9929915e02f5254c76","sha512":"95bbe62d24bbf459cf43f18c530ac8ad75d53fa70c368d05efbca987c19d2f6a0e0b7f5bf74e91800a90617a01e5bda9642b5da3841f47842b87aefe26a9df52","ssdeep":"","tlshash":"c501845e00a5ca3d706c063adb865e109eed502b3284b851fe0cacac60d6ddef95680f","first_seen":"2025-07-18T16:37:04.833261Z","last_seen":"2025-11-06T09:03:00.039673Z","times_seen":977,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 241\r\ntraceparent: 00-777cfaae855b91acb0567a4043925673-666844bc48327cbd-01\r\nlast-modified: Thu, 27 Feb 2025 13:24:25 GMT\r\netag: \"39257fbb62736206d5245e08925d7b60\"\r\nexpires: Thu, 27 Feb 2025 14:48:35 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2495\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:28:51+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":241,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"39257fbb62736206d5245e08925d7b60","sha1":"4c11e3cb6a16b884772b88acdba30a2ad98e86b8","sha256":"3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e","sha512":"e9b44ac92bbad9c54e500f735f553154c92897c80700709b61b39443f76edbd1d3d38d0d6014e6052cc5f5931b78c55194e308c86336f809de1541efa1e0ac8f","ssdeep":"","tlshash":"58d02e40f2e01833201f94f981b5a109e74b0b03e402a808fa0c21881bac8252426c3a","first_seen":"2025-03-01T06:06:39.04916Z","last_seen":"2025-10-28T05:34:45.039411Z","times_seen":3826,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/hd-api/external/assets/hdf.js","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:34.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /hd-api/external/assets/hdf.js HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/en/block\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f; SESSION=5a54e7ecd3fa7b7923a1336947d1cd3f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:34 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 1687\r\ncache-control: public, max-age=300\r\ncontent-encoding: gzip\r\netag: 0009b06af6892358f6c573335f102046\r\nvary: Accept-Encoding\r\nx-dt: 455\r\nx-request-guid: 48274962cd1f450ca7078c9f5def42e0\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.039, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4203,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"C++ source, ASCII text, with very long lines (874)","md5":"0009b06af6892358f6c573335f102046","sha1":"cb899ce5fb6756d389a12e5049f2180dec2366ed","sha256":"540a50ce4665aa5a15e6afcdf7a260860e1896e77955c7ed128d1e6489bedac3","sha512":"83e9ce72ca4725bf501fe711538455aaa2fb278095d4d3938615b1907416446b8a8ed1f4f34fb296ea4c9a6d6b6e0fecbe31afa240305e7d23baa4145b2cd1c8","ssdeep":"48:Pen1yuqKi6649JoXznZwhU6fINwld0mPr6eC5/F6ALWBl/NR3vMNNeEcxHb8JiTP:Y1yuqKioolwHgObfENerHbkiTgRx05","tlshash":"d581323660ee2d3153639052d53fe5e9f229a8073968ec4831fc588a0f40f6189b2e3b","first_seen":"2025-07-24T09:34:40.995531Z","last_seen":"2025-10-16T23:35:31.258248Z","times_seen":2029,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_542ed6.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_css_542ed6.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-eabcdbbb0a5b9488e1ba0cafe7cf1037-328031587f26801d-01\r\nlast-modified: Thu, 25 Sep 2025 06:54:57 GMT\r\netag: W/\"7eb4f3d4c97ec66a32269ae3b07d7653\"\r\nx-amz-meta-mtime: 1758783280.138416347\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 07:58:36 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 79909\r\ncache: HIT\r\nx-cached-since: 2025-09-25T07:58:36+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11025,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (11024)","md5":"7eb4f3d4c97ec66a32269ae3b07d7653","sha1":"e31f7fc270a78d455c90a57d8c365bccf6ebdfb0","sha256":"542ed6b44d2771468d5e5d4c77dfddaab1f7d4169bf692a087c56f024d9813dc","sha512":"02195935d732af0ae4dceecb4677bcb4ad90d284dfbd27a707ee927fc587fb3a9bacc8bd8cf315ee025b67d1a53b33fb0e9ced17d24ea019deb2a0be9765ec37","ssdeep":"192:mLhA5ZO73iyDDW7qE/eVgnmnh8RbxJEU4PuiPBvDDQ7qOtIZ4Io:QAXOLisDUqE/Y8RbxUuwBLDCqOt24v","tlshash":"cc3226adc9e495231d26b5216388be7c85f0f06aee314e55f80ec6104ad3f9f15e0e79","first_seen":"2025-08-13T23:36:01.800779Z","last_seen":"2026-03-04T04:00:43.402045Z","times_seen":3922,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":185,"dns":17,"connect":3,"send":0,"wait":1,"receive":0,"ssl":168},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/runtime-c8eb0ac0.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/runtime-c8eb0ac0.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-2b7f5d3b15d15220d8b89390791fd68d-6c6531b8ee533c2a-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"8a03bc8048aac7906955d98d697c5639\"\r\nx-amz-meta-mtime: 1758801842.77822229\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:22 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63819\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:26:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17477,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (17477), with no line terminators","md5":"8a03bc8048aac7906955d98d697c5639","sha1":"7861306ed76d15b4c7e7f2f2bfad5aeb1575bb90","sha256":"efcd061b79d887eeb1ed526c8d44117996fcfd82c2eae11ba066072f8b48bcce","sha512":"6ec1945b287336576b56b6ab1ae6ab53b8229e917664e99a201d59620668f3824e7292ecc35589607353c6768716a7367c32126fb1d4e46b8b89f20acc8f59ba","ssdeep":"384:xe2xBMWItnjn6hy4sQr/BMWItnjngGFGs03vRuzXMy1WI:06RItT6hy4sQr/RItTHsV/QzMiH","tlshash":"a6721e9d6f1acc675d62dcc338213d25586824375c4607ece6fee2194008e68b6afe2f","first_seen":"2025-09-25T12:54:38.931714Z","last_seen":"2025-09-26T07:36:11.236453Z","times_seen":24,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/css/b19ccea5.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/css/b19ccea5.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-012e9c543715d8c6d0c76cf900a29fe8-f1ff05b792cad1d9-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"9d6ce822f4da1863fa29fd993db460e8\"\r\nx-amz-meta-mtime: 1758801842.770222262\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63819\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:26:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15191,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (15191), with no line terminators","md5":"9d6ce822f4da1863fa29fd993db460e8","sha1":"4c92312270347c980ed977bca3798a2f08f69ba8","sha256":"572dacbec65881a30fe44951c74aebf8ff81fe01a6a28feb79b7a7018246291e","sha512":"5f394602c6f1661c61cc15500417b4ba7ed37d835160076efabbd63e1773d5f8a55a66a27133c5f8b778b3469e82a90ecb82ddfcb632939954f85e0ad42a69a1","ssdeep":"192:HONOH7nvxxxY4lctZLJh6N0dtu8yvrs9lvhvuvoQwltoQrNTC4cjWnk3LbBQ:HvJxxY4MJJqJQr9C4GWk3PBQ","tlshash":"be62b61fd53692b21d238c51728ebf383539722628a65735f44e26488ddbb9703d0fa8","first_seen":"2025-09-10T15:54:14.303814Z","last_seen":"2025-09-30T09:48:19.797993Z","times_seen":515,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":54,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_accept_language_parser_LEQ4UAP5.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-89d6269cab26b126ff72a84c7b73c361-228dabfdf69dbf71-01\r\nlast-modified: Thu, 25 Sep 2025 07:47:44 GMT\r\netag: W/\"83e311eb8e222d229b6177bd007ce9eb\"\r\nx-amz-meta-mtime: 1758786405.760398586\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 09:23:07 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74234\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:33:12+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1297,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1265)","md5":"83e311eb8e222d229b6177bd007ce9eb","sha1":"96b851ffda0eab794c2bb637255a48ae25770144","sha256":"d0ff62de588e1c47eedbd91a89dcf394e2ec5bd09392ea556b9a34108077e9ad","sha512":"fd2e1bfb6588598e356ddc08724c2e6f602b89626b30eeca2c25b8f60340f25e28a761b8e13b75d1627172530abf7dd0e586e792f53759d08bda626145f65b0d","ssdeep":"","tlshash":"202112debed2b5908394188c4e2ec055f23a2957641ce6fcd765e7827c403a186f3c1d","first_seen":"2025-08-22T10:11:14.559442Z","last_seen":"2026-03-04T04:00:43.42063Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66\u0026cx=c\u0026gtm=4e59n2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/js?id=G-7JGWL9SV66\u0026cx=c\u0026gtm=4e59n2 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 26 Sep 2025 06:10:36 GMT\r\nexpires: Fri, 26 Sep 2025 06:10:36 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 157713\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":492776,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)","md5":"697f0267a7db21072905460aa5230e90","sha1":"40f0f7d86936c93ef70e432508b5e337be98717b","sha256":"cb47d8434ea071d1130ba96d762ef5cc7e8446b9c3b141784d433623a3f3bd27","sha512":"ccc6f9672378ff8cc515340bb36f301351922179c3e19aa9c8ffdcc279eb76d421b7a318976acbbb6edd7eba6e255f16dccf78a994c834ddffcdc93cd2d138ed","ssdeep":"6144:PBypmM2/0NpXYqkD1gIui/RPG1SvuVcUGq3W6g:5YmL2YlX/Dlx","tlshash":"c5a4f98e73c674265396f478906f01cba9bb24a2b49cc8a6b1c9dcf02d7459a4137f7c","first_seen":"2025-09-26T06:11:02.523598Z","last_seen":"2025-09-26T06:11:02.523598Z","times_seen":1,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":61,"receive":118,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:38.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 405727e3-47a2-4abc-8d7b-08838cb86bad\r\nContent-Length: 109\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f; SESSION=5a54e7ecd3fa7b7923a1336947d1cd3f; _gcl_au=1.1.1832195613.1758867037; _ga_7JGWL9SV66=GS2.1.s1758867036$o1$g0$t1758867036$j60$l0$h1914494561; _ga=GA1.1.1940189089.1758867037\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:38 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 285\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.009, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"51a06451cfaa158a2a32a93cd5934172","sha1":"b4069a770a51a6f93b47e04482304583b88ce80f","sha256":"0e3b17eba3da7721600ad55222cff4c2a8cab192d1f436da3fd53d15544b2a25","sha512":"43f7db0cb42e2a82de86c9952c453d02e0579b53b76802b5123067cbe05ddef0b788ce13fdc9bd7bbbaf4a2440d330e371bb95d5ed428c4dbc4f2f6f2e849c23","ssdeep":"","tlshash":"977000000b08c203822022032a20a88800a8a203202000b8308008338080ea2000e0b3","first_seen":"2025-09-26T06:11:02.526265Z","last_seen":"2025-09-26T06:11:02.526265Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-ui/2.3.383/Desktop/Default/client.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-ui/2.3.383/Desktop/Default/client.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-c682f7ccf5ffd112d009e87b9dd3607e-550b9457f3679a9d-01\r\nlast-modified: Thu, 04 Sep 2025 08:07:24 GMT\r\netag: W/\"7df1cf6a64ac46a18fa264f133c67557\"\r\nx-amz-meta-mtime: 1756973241.868664097\r\ncontent-encoding: gzip\r\nexpires: Thu, 25 Sep 2025 09:59:04 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 72619\r\ncache: HIT\r\nx-cached-since: 2025-09-25T10:00:06+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":598603,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"7df1cf6a64ac46a18fa264f133c67557","sha1":"4a93db01563540a052cd3e7007ab27a2eb96bc7e","sha256":"a132801d4daba56c41d70cd4a0913f849c625bf657fb9b43d4d6825d2d259877","sha512":"6bfb12489d3c00cb569178ea4df5ca1440bd6ee8200679f851ee5ec3e172ea84313bb2d25ab7c855b566ce26e49821106fa57489720dfbef789a230546609523","ssdeep":"6144:5cwRQ+kLi+LaBcLbaO0Tv9yOkrOvOEkR1I8rRH0B6NEL:YCvFJZvOEkR1I8h0B6NEL","tlshash":"b9d4961cf19d92393e37d62462844ffc6a21b7179b231c6ff85a014a0ec355371a6eab","first_seen":"2025-09-24T10:08:54.346757Z","last_seen":"2025-10-09T08:36:47.257951Z","times_seen":448,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":109,"dns":15,"connect":3,"send":0,"wait":1,"receive":0,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6147dc85b9.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6147dc85b9.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-40aa77f14a8a0c6d067fe2e5f43a8831-b1a6e918fad873ea-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: W/\"b73bed50181c012f133f6aae4a69da3f\"\r\nx-amz-meta-mtime: 1758705689.751485634\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 10:42:48 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 70057\r\ncache: HIT\r\nx-cached-since: 2025-09-25T10:42:48+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2285,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (2284)","md5":"b73bed50181c012f133f6aae4a69da3f","sha1":"1826d3b1ec485876a8240d3250ef43fa0dbf7658","sha256":"6eec44c2601e34ffede82c0f79f5a1cc80ec4aec63ed4960e9260f757dd4798f","sha512":"01dccd364919af69cc280e3dae45ddfac2c9dd07f64e5cc4d45f9c28ca1ee944d7c61c23a6c95182f0827c083f0665638eb097c3e3d64daa41cee2086a3f45c8","ssdeep":"","tlshash":"ef417bdef8b9a5712d33e012d60c5ef95470b627c5214982f4cdd3a226c3a922db1dae","first_seen":"2025-08-22T10:11:14.526935Z","last_seen":"2025-11-12T13:10:30.998735Z","times_seen":2470,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":54,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_IMSSW3CC.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_vue_deps_IMSSW3CC.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-2e1ead1b936acc6e425b6555d05ad4c6-a5c51009dd545608-01\r\nlast-modified: Thu, 25 Sep 2025 06:54:55 GMT\r\netag: W/\"88a6fb60a16266cbe3ecb52fd8b93126\"\r\nx-amz-meta-mtime: 1758783280.140416283\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 08:59:46 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 76134\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:01:32+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29933,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (29792)","md5":"88a6fb60a16266cbe3ecb52fd8b93126","sha1":"eb542aa1fa7c81175d735276bc982753baa7a969","sha256":"992b792506b7364dbca69a628101f8ca3c278b1e3f5551e898d84d1537637b90","sha512":"3d9ccbd74fd0ca647ee3413cd66daadc156e03254f11feaf32e8786a9084734e36450753868cadf7a2c1fc8d59064a3bc047c0474ce46bce43566bfe758fea56","ssdeep":"768:GwZ1yyQBxrKWnaIlIO+jKr4R5Vx3zt7RH8PocaFz12c:GwWBxrKWaIlIO+jKrYVhZ7RH8PpaJ12c","tlshash":"e5d24c94b73abc62339d908990370713b27659e7484d9020f7e59ea231b5a43c2fbb7d","first_seen":"2025-09-10T10:32:48.528015Z","last_seen":"2025-10-09T08:36:47.172805Z","times_seen":768,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/77b401ad5c.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/77b401ad5c.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-e14ea5b4f2a6ceb6cd5846be3bafdfbe-f4a21312fa1bf502-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: W/\"670fa8e5c6b227843fb8d3ff8114d346\"\r\nx-amz-meta-mtime: 1758705689.751485634\r\ncontent-encoding: gzip\r\nexpires: Thu, 25 Sep 2025 09:24:35 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74466\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:29:20+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1164,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1163)","md5":"670fa8e5c6b227843fb8d3ff8114d346","sha1":"f071e3dd1eb20508fc9dbc44ec023b620c0d0cb9","sha256":"23c5a22a417e9ce45446413ee45fa5098ffccca9859047e8ee08f227677ffd8c","sha512":"b1c49452665cfbc1e493f4cb0e8ad32305f881b54a162668b38073108d5606ed3fed0236d34d98a143b24300a0b95ce937884aef81a2a77c5774fafdef3ace2c","ssdeep":"","tlshash":"a42167703034e52b4bfb1bd888671451f72c3258672671d177cc6ea142a9506926e767","first_seen":"2025-09-24T10:08:54.271062Z","last_seen":"2025-10-02T07:15:42.634839Z","times_seen":193,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:35.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-cf0c25fc4f07ba3a28456456845581ba-f75df547e1e29fbb-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 618\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:00:17+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-16T23:39:39.988425Z","times_seen":10467,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 26 Sep 2025 06:10:36 GMT\r\nexpires: Fri, 26 Sep 2025 06:10:36 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 157576\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":492757,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)","md5":"4cc09695db8f48568810d71665594812","sha1":"ce91f061a58d4b9709738b0b20645152f93cbeed","sha256":"d7fa26b9676e8ab6d2473e064c5cd04c184b2296c0726f7d292b6a0f83d3f0d9","sha512":"347198d29bac6e03a5c4f1aab09894841a11c762f8fcbaea08cdf20b23a135f0e8f0e9f58c5bfecdeef613bd49f67565a1d783c5970558f55304ca579eab8625","ssdeep":"6144:PBJpmM2/0NpXYqkD1gIui/RPG1SvuVcUGq3W6D:5zmL2YlX/Dli","tlshash":"6ba4f98e73c674265396f478906f01cba9bb24a2b49cc8a6b1c9dcf02d7459a4137f7c","first_seen":"2025-09-26T02:50:42.659002Z","last_seen":"2025-09-26T12:49:16.716161Z","times_seen":4,"resource_available":true,"data":null}},"time_used":357,"timings":{"blocked":127,"dns":18,"connect":14,"send":0,"wait":71,"receive":39,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=1940189089.1758867037\u0026gtm=45je59n2v897130004za200zb9180563600zd9180563600\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115616985\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115616985\u0026z=254939692","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.250.74.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:39:23 GMT","end":"Mon, 01 Dec 2025 08:39:22 GMT"},"fingerprint":{"sha1":"42:CA:DF:AC:84:77:2A:0C:CC:0B:0C:7D:2C:7F:F7:A4:90:1B:05:F3","sha256":"4E:E3:F5:47:6B:82:78:8F:EB:24:48:87:45:0A:2B:B2:1C:6C:5C:89:6A:E4:47:C7:0C:F5:35:47:93:B2:F2:BE"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-7JGWL9SV66\u0026cid=1940189089.1758867037\u0026gtm=45je59n2v897130004za200zb9180563600zd9180563600\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115616985\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115616985\u0026z=254939692 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Fri, 26 Sep 2025 06:10:37 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-17T03:12:38.306658Z","times_seen":801195,"resource_available":true,"data":null}},"time_used":235,"timings":{"blocked":106,"dns":1,"connect":8,"send":0,"wait":21,"receive":0,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f3f09a899e.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f3f09a899e.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 691\r\ntraceparent: 00-a7751f52797b1e929262ee9a114d365d-706c1d11b7b09fd8-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: \"66d9547b2e8b21b9cc566ffd2da94221\"\r\nx-amz-meta-mtime: 1758705689.759485807\r\nexpires: Fri, 26 Sep 2025 10:42:48 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 70057\r\ncache: HIT\r\nx-cached-since: 2025-09-25T10:42:48+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":691,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (690)","md5":"66d9547b2e8b21b9cc566ffd2da94221","sha1":"2334880db1e87c5f5c541abe181c930c76fb7246","sha256":"4a0efa233ab948edbc63842d56fd883bbe937e6ee81c75f87451de265e16abce","sha512":"ebf4510bf5bd211ec43e2ba7ee1bcc4cf43454d57a183afb90981ef94db20ccdfa077553219fc37b845ee2791a00f76f80b485d1514e80a947aab06623ae2e30","ssdeep":"","tlshash":"1101d81d3d2d51984977c3c02e984b850023f23b828a30e8b9fbc2187d8a6035a961bf","first_seen":"2025-08-22T10:11:14.566856Z","last_seen":"2025-10-30T09:36:52.111968Z","times_seen":2058,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":56,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/67921119830732f2181733ba7e9bf02f.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/67921119830732f2181733ba7e9bf02f.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-3a8d6e32f13c2b86fb2319ab8e7b56a9-411fc7a9a4f26a6d-01\r\nlast-modified: Fri, 01 Aug 2025 06:34:40 GMT\r\netag: W/\"b255cc6c6ca667c6f42f2d9ab151b21e\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 01 Aug 2025 08:07:27 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3404\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:13:42+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7481,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b255cc6c6ca667c6f42f2d9ab151b21e","sha1":"a0c241d3c2fa56d392cc204f2d386046a5273a9b","sha256":"9c347db4287a13bf6e86c34baa07bf255437a85566ba14a77199a753b73a400b","sha512":"62bb36631dfa4cd6790efcf39ff920a0b11741cd1b5ecd936ecce083090c0336cb216eb28f838e05e27fff2509a6b8724d0f6c61349da57506e6eca112c8a294","ssdeep":"48:TzABBABGkABjABFygABCN/ABCNYN8ABWHABaEABzzEFABIIX4ABBxSHsABYiwABp:lFbClXCL3cblP+XyLO5GIM","tlshash":"e7f11784fff04c33112f94ad98b37a89a7884f07a95a7d1c7f9d294c1f1451a04aadbe","first_seen":"2025-08-01T12:24:56.656253Z","last_seen":"2025-11-07T10:46:34.805118Z","times_seen":2150,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/css/7fe5f71b.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/css/7fe5f71b.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-9851e7468bdb8959e6d34b0511778d6e-6306d252d48a85bd-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"c610b8710368de3bf2f1c5bb581b6a3a\"\r\nx-amz-meta-mtime: 1758801842.769222259\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:23 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63761\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:27:45+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3313,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3313), with no line terminators","md5":"c610b8710368de3bf2f1c5bb581b6a3a","sha1":"f67bc86785d434adb2e81a356a7926b8818ac567","sha256":"fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba","sha512":"2dfecbd28b59bcf4b361736ce304f33792631b766506b80767f23033cbd37c1a83371af59b833032390f647b69824e9eeeb1f99530e18047f74cd30ffda0e5b1","ssdeep":"","tlshash":"0161c13e9cbc24359e7f472b7053ce84e199a39092030f8afdbb755a4c8b21d3895176","first_seen":"2024-05-14T21:30:49Z","last_seen":"2026-01-22T06:40:31.190981Z","times_seen":5786,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 765\r\ntraceparent: 00-4908c8d84ab4dc64204a16132513a7d0-b2db04518a14252d-01\r\nlast-modified: Wed, 11 Oct 2023 12:52:53 GMT\r\netag: \"00f980f23f1b4c1ccee99ed49e0a8feb\"\r\ncache-control: max-age=3600\r\nexpires: Thu, 16 Jan 2025 10:53:47 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2651\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:26:15+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":765,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"00f980f23f1b4c1ccee99ed49e0a8feb","sha1":"4cb07094de9bffff1bf81d94446280b91013b660","sha256":"bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea","sha512":"45587feec47804731eb344682dd7465959a50f2f47e114e332e875097a9e2009d6fe41e8ff684fb287d935fd9c4d12a5b83e1fe310f3ceca6061d569502ac1de","ssdeep":"","tlshash":"80015701129f0ef21b4bc65a940b1c71b2a0c043936b8c8757baeb8f73bbd8b009584f","first_seen":"2023-09-28T10:29:17Z","last_seen":"2026-04-16T20:55:28.953899Z","times_seen":5083,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/DC-d7f81eae.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/DC-d7f81eae.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-607dfba54b18dc80e1fc4aeec8c513a3-758e54d5ca0ccf5d-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"f7ccc8398ed0b910f1918fdebc2b20e1\"\r\nx-amz-meta-mtime: 1758801842.763222238\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:23 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63760\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:27:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2201,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2201), with no line terminators","md5":"f7ccc8398ed0b910f1918fdebc2b20e1","sha1":"ea59dc9109418674d9795ccd3082258f18ac7815","sha256":"2076de92461a6c3b76ed6c987d61f3fdc225dca5ed71bafc854554fa56d6e8a3","sha512":"580952f877345de45889f2d272c412d32c2c676be42eab6275963b19343e0a87af56eab11f6ff5ad52a02fe041bd854956fc8a6c1a2076fe13547e229a504fc1","ssdeep":"","tlshash":"1041840931a4fc11d3fa1cd869ff7506102bf076648dc9b4d7a36a8b08b7f6aa217916","first_seen":"2025-09-24T10:08:54.288795Z","last_seen":"2025-09-26T07:36:11.218215Z","times_seen":52,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/ccm/collect?en=page_view\u0026dl=https%3A%2F%2F1xlite-93399.world%2Fen%2Fblock\u0026scrsrc=www.googletagmanager.com\u0026frm=0\u0026rnd=220213837.1758867037\u0026dt=1xBet\u0026auid=1832195613.1758867037\u0026navt=n\u0026npa=1\u0026gtm=45He59n2v9180563600za200zd9180563600xea\u0026gcd=13l3l3l2l1l1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115691063\u0026tft=1758867036743\u0026tfd=12269\u0026apve=1\u0026apvf=sb","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:37.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:37:54 GMT","end":"Mon, 01 Dec 2025 08:37:53 GMT"},"fingerprint":{"sha1":"28:1C:E7:95:EC:8D:32:9E:63:9A:72:B2:8D:47:E5:13:F7:CA:5E:18","sha256":"52:99:CC:AA:BC:C4:15:12:9C:2B:FA:D7:97:2A:C4:D3:7D:B0:5C:E0:02:26:3C:8D:B2:4B:BE:89:1A:70:D6:31"}}},"request":{"raw":"POST /ccm/collect?en=page_view\u0026dl=https%3A%2F%2F1xlite-93399.world%2Fen%2Fblock\u0026scrsrc=www.googletagmanager.com\u0026frm=0\u0026rnd=220213837.1758867037\u0026dt=1xBet\u0026auid=1832195613.1758867037\u0026navt=n\u0026npa=1\u0026gtm=45He59n2v9180563600za200zd9180563600xea\u0026gcd=13l3l3l2l1l1\u0026dma_cps=syphamo\u0026dma=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115691063\u0026tft=1758867036743\u0026tfd=12269\u0026apve=1\u0026apvf=sb HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/plain\r\ncache-control: no-cache, no-store, must-revalidate\r\ndate: Fri, 26 Sep 2025 06:10:37 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nvary: Origin, X-Origin, Referer\r\nserver: scaffolding on HTTPServer2\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: https://1xlite-93399.world\r\naccess-control-expose-headers: date,vary,vary,vary,server,content-length\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en?tag=d_59749m_4096c_[]ALL[]null[]null[]general[]23362-103812-9792665_d30845_l112421_clickunder","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-26T06:10:24.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /en?tag=d_59749m_4096c_[]ALL[]null[]null[]general[]23362-103812-9792665_d30845_l112421_clickunder HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:24 GMT\r\nlocation: https://1xlite-93399.world/en/block\r\nserver-timing: dt_total;dur=0.010, total;dur=49;desc=\"Nuxt Server Time\", wf-uht;dur=0.062\r\nset-cookie: platform_type=desktop; Path=/; Expires=Mon, 29 Sep 2025 06:10:24 GMT; Secure; SameSite=None; Partitioned\ngw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; Path=/; HttpOnly\nlng=en; Path=/\ncookies_agree_type=3; Path=/\ntzo=2; Path=/\nis12h=0; Path=/\nreferral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Tue, 25 Nov 2025 06:10:24 GMT\nreflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; Path=/; Expires=Fri, 26 Sep 2025 07:10:24 GMT\npostback_watcher=; Path=/; Expires=Fri, 26 Sep 2025 06:10:28 GMT\nauid=uaJaGGjWLlB9f0OFA+NJAg==; path=/; secure; httponly; samesite=lax\r\nx-dt: 285\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":253441,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":305,"timings":{"blocked":107,"dns":14,"connect":28,"send":0,"wait":90,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/vendors/app-07a2126c.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/vendors/app-07a2126c.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-3bbdb320db379aee91c58fef723c8325-f4d5c43cfcb33a35-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"2702d767e9f58d61755e2dacb0f8cca8\"\r\nx-amz-meta-mtime: 1758801842.781222301\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:22 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63819\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:26:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":947111,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64882)","md5":"2702d767e9f58d61755e2dacb0f8cca8","sha1":"2e4669289af82390a559cfd61d68d5297d227fa8","sha256":"c4d7ce1f5722bbff73dc46399f8a8d4cf88aa2d4c519e9137a1f83c1c1ce9752","sha512":"c32a6890b626338019170763e5230c5af93f7b24b6585ff90ddaa9f197a285e890a8c1a916368bac56bf3dd9f3b8992be40b252fee3475a84ef1df5ee4c966b4","ssdeep":"12288:VbdQhOyvjhdeY4g1SCCmH4tohcxIz3oE/DTg:chOyvjhdeY4g1TvW2K6P/vg","tlshash":"2d154ba9b585f2560aa32be9d06b0017e32d5e5ebc0ce444f2e7cdd53a59804713af2f","first_seen":"2025-09-25T12:54:38.917274Z","last_seen":"2025-09-26T07:36:11.18723Z","times_seen":24,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/vendors/plugins.v-tooltip-1f49d308.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/vendors/plugins.v-tooltip-1f49d308.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-404618a3ae62746f1c6128388b4241a8-82099fbbde3cf320-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"4b5551b940cbd9aae68abe990e25af0c\"\r\nx-amz-meta-mtime: 1758801842.781222301\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:23 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63761\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:27:45+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":76824,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65476)","md5":"4b5551b940cbd9aae68abe990e25af0c","sha1":"9ce235829b357ad391ed896d870714e09b862793","sha256":"7c02b684fb5f7a71513d62737e5ca842e02342cafdb70c0bd4e7ac14992f7aaa","sha512":"5364a78fad28780ca2429f0fe07ca33038285bbf00da8a0ba71f305c013ed680f43043489d83e26e6af517b8008d26fcc6c4695d6596d8aa2f978777b1e77170","ssdeep":"1536:a7Q9cPRwafmGHK4qTPRSCv1MHDWdRfm5Xr:wQexuG/qTP8wqWRfmN","tlshash":"ce73c88e72d0f0b603e7b1b5402f620fb2776518b40ad454b2b1e6d4ac3da5da267e3d","first_seen":"2025-09-18T09:12:41.68522Z","last_seen":"2025-09-26T07:36:11.223592Z","times_seen":188,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/Betting.Core-413070b2.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/Betting.Core-413070b2.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-c864b67b216914e293b7d457261c8bed-fffd2290184fa80f-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"f094a0b6b28c3642bd4b50b8f31b5abb\"\r\nx-amz-meta-mtime: 1758801842.763222238\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:24 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63760\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:27:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2078,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2078), with no line terminators","md5":"f094a0b6b28c3642bd4b50b8f31b5abb","sha1":"7405b64f62938fbae640a241808b5cfc89c38426","sha256":"8bbc90bf03cb6d04ff808ff6f88cdfc006166683fe3b36fc914433e5fec307ea","sha512":"d44f1ea57248c05b4110e074acddb08bd84e583140526644c8649799414c0a5f7c8dc3120374241ef4a0e7cdc2b3ced184c121aab27235a2549095310892f799","ssdeep":"","tlshash":"0b41094a74d37884037e04ca41ff16e1f0a82eaa294c05a8e1829ae074b4ac6c0e7fc6","first_seen":"2025-09-25T12:54:38.951495Z","last_seen":"2025-09-26T07:36:11.176598Z","times_seen":24,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:35.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-4d135912a29cba808cf7d868dba3bd07-d6a5bbea8789bc3c-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 234\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:06:41+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-16T23:39:40.117834Z","times_seen":10325,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/hd-api/external/verify","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:35.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"POST /hd-api/external/verify HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 191529\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f; SESSION=5a54e7ecd3fa7b7923a1336947d1cd3f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:36 GMT\r\ncontent-type: application/json\r\ncontent-length: 824\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-dt: 285\r\nx-request-guid: c0df7c2d918a9ebf62083e52881cf7f4\r\nx-time-ng: 0.004\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.008, wf-uht;dur=0.032\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1035,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"369f1a9f319aa16c16305f8ffa8fcfb4","sha1":"0a5b57d9ae70a21945c3320744569792f70f74b3","sha256":"d6b52ca0f7769867d03b969e22504838bfdcb1e944dfc4b0288a5fd2782e10e6","sha512":"2318efda5b3ae52c9dd2023d7c4a862a50cb92f74bfeb8c3798be590f940ae12f7cea862204f418486edda3dbca87757b65dc955c665dbd3d9f6017af2803040","ssdeep":"","tlshash":"be11a895888e45df7725fc42127d180dd4dd6d5441619bf3a84ca961fc2cf5025073f0","first_seen":"2025-09-26T06:11:02.542757Z","last_seen":"2025-09-26T06:11:02.542757Z","times_seen":1,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":0,"dns":0,"connect":0,"send":46,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 26 Sep 2025 06:10:36 GMT\r\nexpires: Fri, 26 Sep 2025 06:10:36 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 124860\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":358019,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (4828)","md5":"3da27d3a8f068fb44f2a4276171cb873","sha1":"9e99f756479240a0c8ce2c606b97171a40b5c506","sha256":"9660741eae54b6da07e49fd9f25a9f35fff78ba6a0ea92f17026ee07cdd71448","sha512":"c004756b990b42689c482354af67cc8227985a69fad1ef47bbc3e6c0318d4d8a58b06ddd3bd131cc34cb8bea552480e4e9c871d1b2f7441708df0dbdd0681f0a","ssdeep":"6144:OpmMgZQpZYqkD1gIuq/RPG1SvuVce3CLq:8mWYlJ/Dm","tlshash":"e2742bcdb3c674664392a478903f014bb1bb6992f44cd894f186d8e42db4aae4277f7c","first_seen":"2025-09-26T06:11:02.544028Z","last_seen":"2025-09-26T14:19:11.839187Z","times_seen":4,"resource_available":true,"data":null}},"time_used":336,"timings":{"blocked":120,"dns":0,"connect":28,"send":0,"wait":36,"receive":47,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/destination?id=DC-14030178\u0026cx=c\u0026gtm=4e59n2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/destination?id=DC-14030178\u0026cx=c\u0026gtm=4e59n2 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 26 Sep 2025 06:10:36 GMT\r\nexpires: Fri, 26 Sep 2025 06:10:36 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgsrsghrgc:72:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgsrsghrgc:72:0\r\nreport-to: {\"group\":\"ascgsrsghrgc:72:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgsrsghrgc:72:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 112922\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":321118,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5911)","md5":"cacd1a3a71c259de2526c097de7a9e1d","sha1":"e348431c649f95e83950af8768b0af47533d5921","sha256":"94c9c7ad5595c96a5dc4fd6b68cd4d07c948e60d0c1c8db7706e25d40bbdcb39","sha512":"d470d051de0799cbb3668245616ad3a185ae5728e3bd9f48f5c7d0043094b87dad431bd6f438f94d4dd5d887db149044d0d28cb4abae17a20cd2a358aea94405","ssdeep":"3072:yd2Lu/D62GmMgZOp90RP18YqkLPW8RthKUfgHwa6z0CZzm/uuxB/G1SvuV8fA3KU:bpmMgZOppYqkD1gAm/9G1SvuVcq+CR","tlshash":"a16408cdb3d674664393a478503f004bb1bb6992f84cc895f186d8e42e74aaa4277f7c","first_seen":"2025-09-26T06:11:02.545827Z","last_seen":"2025-09-26T06:11:02.545827Z","times_seen":1,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":50,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/main-static/6f67e0c5/check-ob.js","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /main-static/6f67e0c5/check-ob.js HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/en/block\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 219\r\nlast-modified: Thu, 25 Sep 2025 12:04:29 GMT\r\netag: \"c065700c9c8c493403359e1f2baa10d9\"\r\nx-amz-meta-mtime: 1758801868.874312966\r\nexpires: Fri, 26 Sep 2025 12:24:39 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: wf-uht;dur=\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":219,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"c065700c9c8c493403359e1f2baa10d9","sha1":"4630fe729e70bdf63fa7ba6c84ec277fd1f51030","sha256":"1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4","sha512":"b2e1c73cb94f5e3ceb35c3662bf4d72baf800a9a7c64318b1db07d50e9c885dbd94821ef3b3916d1b8b4fabb8f45cb588834b41c6a8a7f4d2c3e9c3866083ee7","ssdeep":"","tlshash":"96d0a79fb900211406939267d12f8668807724973f008182500597e069b8f4c4b37895","first_seen":"2024-07-17T14:33:52Z","last_seen":"2026-01-22T06:40:31.153166Z","times_seen":6298,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-d24fa3ff9950d62184137082090f52ae-203d05ff76e1f9c3-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 224\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:06:41+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-16T23:39:40.117834Z","times_seen":10325,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/792ed53757.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/792ed53757.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-c52eda01fcabce3297f449ea21af55ed-def435e5377bcdbc-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: W/\"f6056e830277be5c82779b6fe03d9e4e\"\r\nx-amz-meta-mtime: 1758705689.751485634\r\ncontent-encoding: gzip\r\nexpires: Thu, 25 Sep 2025 09:24:36 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74466\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:29:20+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3205,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3204)","md5":"f6056e830277be5c82779b6fe03d9e4e","sha1":"6f9b1c2f40091dbc71ba4d671adbf12d6e0cfd73","sha256":"14241f6033a8bd3219707f87df1af25202b099a44e9b68b3e834838f67fe5668","sha512":"a2772723fb3c2bbc5d5c6ce4d476b0a31c69bd64000987f8554c41873d89a205cfbc847a88433d9578d4bd06f15ae597ded183807776441180f5ff3bfe4eb3ba","ssdeep":"","tlshash":"6261c6c578b960f9790741cd3d927070e39a1db9139c05b1f2f9888823bd6c45b2f69b","first_seen":"2025-09-24T10:08:54.342793Z","last_seen":"2025-09-30T08:01:23.58765Z","times_seen":136,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/commons/app-c4e0fd47.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/commons/app-c4e0fd47.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-3c3cd998d1e3c6ec4639a85853ee4601-f0d66497446ffcdf-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"7272b2d29e616d3c5ce30922a6fe5883\"\r\nx-amz-meta-mtime: 1758801842.766222248\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:22 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63819\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:26:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":137774,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65476)","md5":"7272b2d29e616d3c5ce30922a6fe5883","sha1":"7f980757167a1c08d04561267d87626327fa044f","sha256":"6d0a75a23c1abc8fc554448fbf3d36d3608214b0c5d72a2c193c82005804e378","sha512":"db1255659ce5ab4a26384abd045956e5e4ece557b991ebec349e91dfb9d5cc0a3bdd73a826541c41595fdddcc9509102829fccf5a1ad878da695556774d9d6d8","ssdeep":"1536:o0UiXH2DHJjIAG3wvvjE+gjmZVBHCrmh6G5YGf7BMr3y6MPS+PWKmjKPtF:HXHUp0qXjE+gjmZmmXYGNMrEXP7","tlshash":"3ad3d5dcf695b03117e721b5407f150bf23a7898680ac0a4f266e8d53db888ea167f7d","first_seen":"2025-09-24T10:08:54.322344Z","last_seen":"2025-09-26T07:36:11.231441Z","times_seen":52,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-6ef10ac37a1fda6910546e234fcc0899-f429d20e0698e0b8-01\r\nlast-modified: Thu, 27 Feb 2025 09:04:01 GMT\r\netag: W/\"811ce3b7877d19901e45430cb6523d62\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 08 Aug 2025 21:17:18 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2496\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:28:50+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14232,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"811ce3b7877d19901e45430cb6523d62","sha1":"16a905115a678fdef3923f91c6f76cbab613e84d","sha256":"10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb","sha512":"21a43d793bd4200ff9972a793442fe492b6a1699f20053c4f01695f69f918685bf30f03f778346c2f61bac40d2e51bb25360d0ffc15448200c666ab4edf38e65","ssdeep":"96:BDkGHVTSY15XWGsQfGJo/JamRKkmP9kDeD3LzwCyi8TunZh:bVTS1KXR9RKkekDGoCyXOD","tlshash":"59523d65f6f40c33113b98ae65f76a8953948f07aa6d7c293b9c2b4c1f1462e0076d3e","first_seen":"2025-02-27T19:55:39.119779Z","last_seen":"2026-01-05T12:50:32.841809Z","times_seen":4543,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_918e52e268e5dc5edce2137963c4ec2d.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_918e52e268e5dc5edce2137963c4ec2d.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-3096ef0b2dabb4078baa325edb091822-0ade454974e582f2-01\r\nlast-modified: Tue, 23 Sep 2025 12:08:05 GMT\r\netag: W/\"f04725061e19b696e7a924e47450026b\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Tue, 23 Sep 2025 13:25:33 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2143\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:34:43+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25867,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"dcc1b4b937051c4abf480787d8ba7189","sha1":"94d410a1b818ccea96a35c1ef29d7f51ec722c0a","sha256":"a7fc314998f5c61567df7c8460afca12220aa0054b4078423159e1ee4e6edf3c","sha512":"5fcff0bc7677a7fe90746ab439383e84c81d142524ee44df54688c4dd363a679201d4051859336b85199e6a1cce9792afe600f2808c510e0aa6412f9b2b0b280","ssdeep":"384:i/B1li0v05xyrLEMt6tI0EEfqQ4O4cN86WwTCu9o9V38cdZeXiG+/jtx:Yli4t6tI0EEf66WwTCV/QXiGsjtx","tlshash":"69c20c05285eeca6c3fb86b874e93bd672f089af5b625146fc48742e2c957c5610f40f","first_seen":"2025-09-23T12:38:46.594418Z","last_seen":"2025-09-26T16:24:33.002143Z","times_seen":93,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_cd2be805e68aeb4993fe6fb6fe90f69d.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_cd2be805e68aeb4993fe6fb6fe90f69d.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-7ca201c5941b436a86bcc4d7eb67cba8-1cd1f6727a5ac40c-01\r\nlast-modified: Mon, 22 Sep 2025 16:08:00 GMT\r\netag: W/\"698ffa45d5b6c8831b2e1746291c7122\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Mon, 22 Sep 2025 17:25:38 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1712\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:41:54+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23575,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"07cee6abb91255814c24472a1879f3ea","sha1":"74cfa000316aa6071374347fab34225c00c6350e","sha256":"892b55b9af328fac0b7e6a206737d66c13df3993ffb73f83d570e9108c6be06d","sha512":"2008ebb6416024a50cecb5ca75adc04ed74bb1c9731cd784f88953faf18c8f6d59dc73be5965089405200803cda95d7106ed35c00a9a48ef4520f094d3c89dbd","ssdeep":"384:JSUsZ6LlTYvzH5W8qD8bqBSxkhx+/Y5egwZwcWyP/vZHyTqC:HqLHuDDsxkP++3rg4TqC","tlshash":"97b2a54f9f688c7307c3060b7d8b6b9a26fe416876920819cfbd8a6d1375b91933349d","first_seen":"2025-09-22T17:37:21.085968Z","last_seen":"2025-09-30T16:18:02.506685Z","times_seen":234,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 405727e3-47a2-4abc-8d7b-08838cb86bad\r\nContent-Length: 88\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 285\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.039, wf-uht;dur=0.008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d87efc9a23c19b3f6c121706436fa8f6","sha1":"f0030cec47af3ba8d9d8c987a920cac5def59cec","sha256":"e5c58d47ca1904cd57c1edca559cabdd6cf837cf0091911a73dbfc42f1ad2633","sha512":"1d1de998644c9452126b97a781881de0a6a31a2f2d8d03c7c48430ff613e654f5bd2548225bed08957be590fbb7273fd60f90aeb1205a3b2f783a48b38d18394","ssdeep":"","tlshash":"d67000e20a88c22202222023a202088c0028aa83000000302883c0280022be2000a0a3","first_seen":"2025-09-26T06:11:02.559852Z","last_seen":"2025-09-26T06:11:02.559852Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_9b848ba427b59305d3df2cf0bc5dd080.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_9b848ba427b59305d3df2cf0bc5dd080.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-ffb4393cf64988935e7543a7b64102cc-8e31730c4b0587b6-01\r\nlast-modified: Fri, 18 Jul 2025 16:06:55 GMT\r\netag: W/\"c557f8f9061794bef4f6b3a5f96cbbb5\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Fri, 18 Jul 2025 17:34:19 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 588\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:00:38+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2352,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c557f8f9061794bef4f6b3a5f96cbbb5","sha1":"11add862eba30ce83a5f5c71ba4c53b305fd1774","sha256":"bf6a49d0686075ed43f0babe55f6b983cd8a2db79da3f31cc36c9f4d192130d5","sha512":"fe4bcb92b635b15ad1dfe2fed7b19c5bc14523a435815bb2cd572b20cf4b27150293acdee78753bcefa52eb6505124e20a4b46465fa161f0ad7841716909cc9e","ssdeep":"","tlshash":"b941745b733c55e5392841403d0d6d6a7b520168be9161c8fa8cdc9d332f8cae23b62f","first_seen":"2025-07-18T16:37:04.820544Z","last_seen":"2025-10-30T11:47:43.214083Z","times_seen":2348,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"refpa37630.com/L?tag=d_59749m_4096c_[]ALL[]null[]null[]general[]23362-103812-9792665_d30845_l112421_clickunder\u0026site=59749\u0026ad=4096","fqdn":"refpa37630.com","domain":"refpa37630.com","tld":"com"},"ip":{"addr":"91.186.207.144","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-26T06:10:24.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"refpa37630.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 05:20:15 GMT","end":"Tue, 23 Dec 2025 05:20:14 GMT"},"fingerprint":{"sha1":"CE:98:27:F2:5C:D4:EE:8D:48:29:62:E2:03:A1:54:2F:03:28:97:C2","sha256":"A0:7F:6D:49:5D:90:70:9C:E5:49:5E:D7:20:54:55:07:28:C6:B0:99:13:5E:37:4C:5D:6F:54:43:66:05:31:A5"}}},"request":{"raw":"GET /L?tag=d_59749m_4096c_[]ALL[]null[]null[]general[]23362-103812-9792665_d30845_l112421_clickunder\u0026site=59749\u0026ad=4096 HTTP/1.1\r\nHost: refpa37630.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 303 See Other\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:24 GMT\r\nlocation: https://1xlite-93399.world:443/en?tag=d_59749m_4096c_[]ALL[]null[]null[]general[]23362-103812-9792665_d30845_l112421_clickunder\r\nset-cookie: A_4096_v=0; expires=Sat, 27 Sep 2025 06:10:24 GMT; path=/; secure\nA_4096_c=1; expires=Sat, 27 Sep 2025 06:10:24 GMT; path=/; secure\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: wf-uht;dur=0.011\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"303","status_text":"See Other","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":253441,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":235,"timings":{"blocked":98,"dns":4,"connect":28,"send":0,"wait":39,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/metadata.json","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/metadata.json HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 405727e3-47a2-4abc-8d7b-08838cb86bad\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 42\r\nx-dt: 285\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.117, wf-uht;dur=0.009\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8f4f5bc6f59dbd3a0eceef1b477f2244","sha1":"2ab067d5b2fd133eb78550512e86052a44c779de","sha256":"ef16d4e1393715bc1ad149540378eb0aac3cc29b4f5206b0bfedef5bc5af22d9","sha512":"270bef70a497df03e490f581b6f41d2d344ff71ef84663d4a9b3c021170418ab0d3530fc79fcb6b74a5b9555b9c00399b5499e8df770dd38bbce1be1ede51a09","ssdeep":"","tlshash":"c8900415450c40355110500351471ddc053c131311d0d4147c451c3417715d3141f0d7","first_seen":"2025-09-26T06:11:02.561342Z","last_seen":"2025-09-26T06:11:02.561342Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:27.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 405727e3-47a2-4abc-8d7b-08838cb86bad\r\nContent-Length: 72\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:27 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 285\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.088, wf-uht;dur=0.011\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1e28373cf9e31957f5e4bcf33176bab3","sha1":"1fc5b3b50dd2630f1b3c24bd27de4eeb2e474047","sha256":"9db65c2831247cf926c4a4c4a878695f4420ea6bdc671df22a72e184fa7124ae","sha512":"6e9c3a81fdff5ee018bf62c02e531f8722ee2a7759f24118a5e4912a9476146af57a80aac0bce846322a0ae3458046828157cf1bfdd0d2011f1e2931fa01603c","ssdeep":"","tlshash":"0c7000222a08f0022220200b220208080028ea0300000e3028e2c0a30000aa2082a0e3","first_seen":"2025-09-26T06:11:02.5624Z","last_seen":"2025-09-26T06:11:02.5624Z","times_seen":1,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-cc1ecaf610221d87a1a571aed65ba079-15c3782321e8c453-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 608\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:00:17+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-16T23:39:39.988425Z","times_seen":10467,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_9c42170abd51c2bb1db6c73483b578d0.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_9c42170abd51c2bb1db6c73483b578d0.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-c51445d7a8f24f4dbed75f77abe18548-a545e4a9718927fc-01\r\nlast-modified: Fri, 22 Aug 2025 14:07:15 GMT\r\netag: W/\"91fb0d433be68bd4948def279aac5011\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Fri, 22 Aug 2025 15:15:32 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1135\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:51:31+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9611,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"91fb0d433be68bd4948def279aac5011","sha1":"24c344e621bb5b47a97b2782e6536312a55b190b","sha256":"fda453e9cb0c5070d8f8494de3d851761e79f31c28c9e91a769549941971de2c","sha512":"298cc31abb3b80932a4e646cbd2ad0ffa5c750d5d6c4120ddb3d4ca18228ad4f937c635c43570a157d9705533e816495d3ea0f91a019738d0c096f97cb4ff5d8","ssdeep":"192:HvhX8mmq4spyU7SKi5mD8jrUoIOFJM1YABslAByZhqV+2p+QvM9pKTp:HvhX8mmqdsU7ziUWJM1YABsOByZh4nMM","tlshash":"f012f01a817a0c57cfdbca827c495b5ce3a409b446b84cad8cf9c23e07a2765d6af354","first_seen":"2025-08-22T17:50:07.861297Z","last_seen":"2025-09-29T05:35:12.396705Z","times_seen":799,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/seo-module-api/api/public/v1/analytics-counters?project[id]=285\u0026domain[host]=1xlite-93399.world","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /seo-module-api/api/public/v1/analytics-counters?project[id]=285\u0026domain[host]=1xlite-93399.world HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nx-app-n: v3-nuxt2\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1920\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 107\r\ncontent-encoding: br\r\ncache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300\r\nx-content-digest: en6d0e5d6e0146a49c358c0eaad1d2ef38\r\nage: 364\r\nx-request-id: 9e6ad716933e4629f6dcf6613c42d50a\r\nx-request-guid: 9e6ad716933e4629f6dcf6613c42d50a\r\nx-time-ng: 0.006\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: p;dur=1.2810230255127, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"6abfe5f6641fddde82c2ca29cf5c6a7a","sha1":"958379bc84073d266358a27b3cf86b15484f5f6d","sha256":"ede01772dfd8da2cc82f245e454ce360b2ceb13b7d1c330bbc1d68fe41255c19","sha512":"ecbaa34447669af053d49cc9b252812fc653923247f4b9e3629a55ba0cd919810e81b0f8be8f11a74401e0ed9c889bc7e6b02587b289c3b41142505b6a8fb42a","ssdeep":"","tlshash":"1db092219588ecb825036880409e1813d47870658ea616404d10c772806c1143421b7f","first_seen":"2024-05-18T12:55:24Z","last_seen":"2026-03-30T04:38:43.789364Z","times_seen":2956,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-20da4d518d.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-20da4d518d.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-9ec77c242572bdc769440e794d6fd8a6-0bce4325f54dbabd-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: W/\"8d108058058de66245a8ee542525803b\"\r\nx-amz-meta-mtime: 1758705689.759485807\r\ncontent-encoding: gzip\r\nexpires: Thu, 25 Sep 2025 09:24:25 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74467\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:29:19+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28560,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (27969)","md5":"8d108058058de66245a8ee542525803b","sha1":"fcbb66885410e09d3333846fc3ef1da5efb01444","sha256":"5ff9dbafe7d7e6485c1ffd410778755a77e543c54d2d60f97e393c9604edbacc","sha512":"c99a841f9a29917f11ecff3c45a9ae3f250ae080cc2218c786c085778157def1bbfc7b9d327c971b6bfe45cb6e69094308ab5bf83108660c3ace5b26830f0000","ssdeep":"768:HpKJtdVXvHtm6ijJl2og1RExitQcSdW4nfd9Zig9NYVH/NK44vu3rLBLNqb6jMJD:wFVEbFg16Vf97u3rLBLNqhaq","tlshash":"93d2a37834a7b4b561da99986734bd5396c80f5fe88afcd242cb8caa13d314880527f7","first_seen":"2025-09-24T10:08:54.265846Z","last_seen":"2025-09-30T08:01:23.522694Z","times_seen":136,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: image/png\r\ncontent-length: 5202\r\ntraceparent: 00-0f8d856a8ecabd905e032cb2d95332d8-df63cd3d07a045ee-01\r\nlast-modified: Wed, 26 Jun 2024 08:22:59 GMT\r\netag: \"b9a636eef54b2844b571fe7de49184a7\"\r\nexpires: Mon, 11 Aug 2025 06:46:57 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1120\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:51:46+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5202,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 514 x 514, 8-bit colormap, non-interlaced","md5":"b9a636eef54b2844b571fe7de49184a7","sha1":"bf653690790ced40eb3189da075a275d951d1607","sha256":"001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743","sha512":"7b288a27a69c91697042ebb6f80f48cf25e0c6260620ee8f4b0e7afa75430b95c394c3f284445e0628b347341b89480e2e7098510bc07f4db43ecc46d893c38f","ssdeep":"96:561aQaPXOi0Ui/+kgrJtv72TgGuDG9JAsXgQrjQ:470T0PEnv7Sgc9vPQ","tlshash":"56b19e22d46fe4a53230c81b67c1820a1df839c6e72c29d0e8ed4db5e2c8b7f84883c4","first_seen":"2023-11-17T17:46:27Z","last_seen":"2026-01-13T06:38:33.673472Z","times_seen":5260,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/99f79ba341.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/99f79ba341.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-46f6596d879a34d4b0e4f64d8050bce9-dc5a9f236a7ac7f1-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: W/\"22c9a2eb8969ba132021966eafeaaf05\"\r\nx-amz-meta-mtime: 1758705689.754485699\r\ncontent-encoding: gzip\r\nexpires: Thu, 25 Sep 2025 09:24:36 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74466\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:29:20+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1973,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1972)","md5":"22c9a2eb8969ba132021966eafeaaf05","sha1":"cce396fa70db1059e082c20ce6f892bcc096a4dc","sha256":"8ab830a034124318bace4f95e8d578a319730e4e6f09b6681e9c7d7d6af526b6","sha512":"18946c49a97ad078e628bdba7205fbb4ef1e9f224b23d5004674b4aa3f01301b9df4e3e2c536296733a7dc3c070fb6803fdfa2ab301210c940faec8e0a91dfa3","ssdeep":"","tlshash":"fb41a6dab2b035f7e677519ebd0660f0c2082b9d132f10e8dee9884e210d9d22767793","first_seen":"2025-09-24T10:08:54.344059Z","last_seen":"2025-09-30T08:01:23.630025Z","times_seen":136,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/app-7edc2b8f.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/app-7edc2b8f.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-4a47ad564416014f4be4a05e1bc8e42d-de23ea18da41849f-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"03e0e09a926bb3695b2195ec176325e9\"\r\nx-amz-meta-mtime: 1758801842.766222248\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:22 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63819\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:26:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":485648,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"03e0e09a926bb3695b2195ec176325e9","sha1":"50c1a2e65cd7668f6b99c58d27a24b5d89f6d819","sha256":"2ea8e0c7c619e85f37b8afb083197533fc87c0bc74742266363ddf25056713b8","sha512":"b50d0a61a9f63de57efe07746518c204deaa25aaf043ce5f25b4e466be1232654c976788f41a5d7e2fcd110cdbcd9f8cde3f58027d1475856774a7281daecadf","ssdeep":"12288:A/3cbVDPZ4KNk+SPgF7jcupM/7dek/YVn:A/M5TZ4ZgF7jcupM/73O","tlshash":"a2a45ca5b5c8f48a02f34bdae03b0061e33916a9380dd064f779fdca359bc05916a67f","first_seen":"2025-09-25T12:54:38.921717Z","last_seen":"2025-09-26T07:36:11.203007Z","times_seen":24,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 405727e3-47a2-4abc-8d7b-08838cb86bad\r\nContent-Length: 48\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 285\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.078, wf-uht;dur=0.022\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"18acd09958c546ba9c44d974c8989fd0","sha1":"022aea67f841bcff8e2f384822e1517837cb8f56","sha256":"95761846fa5e4011c9aef5d5320625aefbd20cd7e4ad0bd645aaa1b62446f517","sha512":"72ef6395fa0abf7402109bcea532906252795ecc167c56cd990955186feab55a2b1f9d1d4c76bbb2c1ab5588e4eedc8adb8cca92261b4894fd42d38b28077800","ssdeep":"","tlshash":"1d7000220e0ca00203322803a20a2a0a0028a2030000033030c2022a0028af2228a0a3","first_seen":"2025-09-26T06:11:02.570446Z","last_seen":"2025-09-26T06:11:02.570446Z","times_seen":1,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:35.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-b2270fb387872e1294bc5c7bb339fd39-876865cdf305201a-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 234\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:06:41+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-16T23:39:40.117834Z","times_seen":10325,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:35.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-d791e21115fa3371fa3c8680b6f6420b-45bd623199b931d1-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 618\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:00:17+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-16T23:39:39.988425Z","times_seen":10467,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1707728419/stub.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1707728419/stub.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 26 Sep 2025 06:10:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 12 Feb 2024 09:50:42 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"65c9e9f2-186\"\r\nExpires: Fri, 10 Oct 2025 06:10:36 GMT\r\nCache-Control: max-age=1209600, public\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"82dec77fd0353c7c71ce053b8601387e","sha1":"fbbca95419e1d0c042e0a5fdf10f380aca66188c","sha256":"39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7","sha512":"6872c895cb44711405e57a436dfbe15d094f9159e11ee2b89983c63b1f18f6acbdfaf0ccbb5e48b2bf24f366f16584c660bca4b6b14c048a134bb77a60f6563e","ssdeep":"","tlshash":"02e068ae9391a318537a2dbacc4e060ba0f6114888e5e4e029f5c2c00461bae072bfb4","first_seen":"2024-02-13T14:23:26Z","last_seen":"2026-01-15T12:01:08.184588Z","times_seen":7496,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=3468358037855;npa=1;auiddc=1832195613.1758867037;pscdl=noapi;frm=0;_tu=KJA;gtm=45fe59n2v9190735530z89180563600za200zb9180563600zd9180563600xea;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115691064~115733586;epver=2;dc_random=OfqNEAHKxAyH-_XWtc0tMY1evJUB1wm7ig;~oref=https%3A%2F%2F1xlite-93399.world%2Fen%2Fblock?","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:37.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:37:54 GMT","end":"Mon, 01 Dec 2025 08:37:53 GMT"},"fingerprint":{"sha1":"28:1C:E7:95:EC:8D:32:9E:63:9A:72:B2:8D:47:E5:13:F7:CA:5E:18","sha256":"52:99:CC:AA:BC:C4:15:12:9C:2B:FA:D7:97:2A:C4:D3:7D:B0:5C:E0:02:26:3C:8D:B2:4B:BE:89:1A:70:D6:31"}}},"request":{"raw":"POST /gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=3468358037855;npa=1;auiddc=1832195613.1758867037;pscdl=noapi;frm=0;_tu=KJA;gtm=45fe59n2v9190735530z89180563600za200zb9180563600zd9180563600xea;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115691064~115733586;epver=2;dc_random=OfqNEAHKxAyH-_XWtc0tMY1evJUB1wm7ig;~oref=https%3A%2F%2F1xlite-93399.world%2Fen%2Fblock? HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Fri, 26 Sep 2025 06:10:37 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, must-revalidate\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://1xlite-93399.world\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-17T03:12:38.306658Z","times_seen":801195,"resource_available":true,"data":null}},"time_used":409,"timings":{"blocked":68,"dns":1,"connect":8,"send":0,"wait":273,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/abd0b27824599374449ac53dfc5a97e2.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/abd0b27824599374449ac53dfc5a97e2.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-43b41445ce9d5b4907253bb8b5ca0686-8763179bcdec8566-01\r\nlast-modified: Fri, 19 Sep 2025 14:21:23 GMT\r\netag: W/\"b5a6dbdf3f12e11d0c5275b2ca6dc739\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 19 Sep 2025 15:28:35 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.043\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2496\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:28:50+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3091,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b5a6dbdf3f12e11d0c5275b2ca6dc739","sha1":"a8495df42a8f1e18c12dc1723660d062bbc8fb6b","sha256":"8febfd79d9b9b1298af34575340a4288d6d5b01ee4e50c57f5a5509d602412f2","sha512":"813327003eefeef8e9772adc05530b46f52fc044d76f5ed1393854052836ae2f89a0118697367681afbab9084b4e215c3120bf09ea2713553a7e8286ca9afe2d","ssdeep":"","tlshash":"85514b4df6e41c33012f19bdc0f76a6993d84f4f694a7c283a9d6c4d1bd451900aad3e","first_seen":"2025-07-21T03:11:29.13175Z","last_seen":"2026-01-11T03:06:49.449217Z","times_seen":2816,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:34.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/en/block\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f; SESSION=5a54e7ecd3fa7b7923a1336947d1cd3f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:34 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 615\r\ncache-control: public, max-age=300\r\ncontent-encoding: gzip\r\netag: 32053c9c355cf85427a5cc3f07de0b09\r\nvary: Accept-Encoding\r\nx-dt: 455\r\nx-request-guid: 6bc2f1ad2922b4e86602fc18bb20a520\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.008, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1024,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1023)","md5":"32053c9c355cf85427a5cc3f07de0b09","sha1":"f3c13d6a657ffa2ca8997f54f4779f0c02f1600a","sha256":"0ec410318f3ecc3a3aef3de68e99190845248bcc12282aa15eb9acc87f8837d3","sha512":"cbb8c7ef0bbed264989bf5b4af7d216cdeacc5684641c37d429e5ceca7dc04e55254e81f319cd856e7b4f447565bf5abf4e9915f5725eb57cfb142f113362078","ssdeep":"","tlshash":"2211756e18ed58291a9275c402b7ccfc642036363219d4c495ede9e1072ff990032f5c","first_seen":"2025-07-24T09:34:41.13762Z","last_seen":"2026-04-16T20:55:29.061413Z","times_seen":3895,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/analytics-59854012.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/analytics-59854012.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:36 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-7d6132cbec0a704a8a298e3d1c742dd3-bd62da8ece6bf8e6-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"08d75d31423f86d2a24ef652ee3620c8\"\r\nx-amz-meta-mtime: 1758801842.766222248\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:32 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63760\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:27:56+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8845,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8845), with no line terminators","md5":"08d75d31423f86d2a24ef652ee3620c8","sha1":"89a678d6a3a76772f0c1f7e06c60999761697794","sha256":"2e5413ba88dcf9b9b8ddff376f9af2de6c659b0d8250ae345aacccd651975681","sha512":"7b2dd4e9f5fba16ebcc0e18a652df8390f5e8c5b6a755e6de7cb3b010948801e4af14865675f5a8d7a5e580cde770046f324f74dae90054606ccf6b09d6fbddf","ssdeep":"192:+vO+jPZxnEW5+vxj33Veo9Rshu1WafwRWJ3vQ9O5mPQzuwVvOSRxGMkm:yjPZxnEW5253VeoHb1WafwRWFQ9ymPip","tlshash":"6902a68dbcc8e43007fa19b8e67b9a0ae07a17173405c451caead8c43d7ea8f1117e9d","first_seen":"2025-09-24T10:08:54.33735Z","last_seen":"2025-09-26T07:36:11.209675Z","times_seen":49,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je59n2v897130004za200zb9180563600zd9180563600\u0026_p=1758867036361\u0026em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1940189089.1758867037\u0026ecid=1914494561\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115616985\u0026sid=1758867036\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-93399.world%2Fen%2Fblock\u0026dt=1xBet\u0026_tu=KA\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=12456","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je59n2v897130004za200zb9180563600zd9180563600\u0026_p=1758867036361\u0026em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1940189089.1758867037\u0026ecid=1914494561\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026ec_mode=a\u0026_s=2\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115616985\u0026sid=1758867036\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-93399.world%2Fen%2Fblock\u0026dt=1xBet\u0026_tu=KA\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026ep.optimize_id=GTM-5R4MT54\u0026tfd=12456 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-93399.world\r\ndate: Fri, 26 Sep 2025 06:10:36 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0\r\nreport-to: {\"group\":\"ascnsrsggc:158:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":36,"dns":0,"connect":9,"send":0,"wait":17,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_ae861f5f20233158a270b9bf1f124dba.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_ae861f5f20233158a270b9bf1f124dba.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-32c7c477901ce8efe91802d59889f5cf-6e132433188964d7-01\r\nlast-modified: Mon, 25 Aug 2025 18:06:58 GMT\r\netag: W/\"0093e9f87ceceddf08223faa66e803cf\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 11 Sep 2025 19:52:28 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2214\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:33:32+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28327,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0093e9f87ceceddf08223faa66e803cf","sha1":"5290778a9922cc6d08c985f290b39916d0865c2c","sha256":"ebc90f649e7f412597bb67732393a4ee5c42fc0e253dac74a8f75ecf56540c9b","sha512":"0225ccbe4659084c28e725c37ad1139444a86f424ac7b32d965eb54a190ea9fbdb1d04b4eccfff661c655358da4b5ea2e5ffc325dcb786b5c2597fe77c593471","ssdeep":"384:1lq4j/8i+GZCH6CqyXLbhU8QnBehe6pjfsE6oCNhWxB5gVInt5DQHirGqT:nq4HKeSjIodhg4t5DQ+zT","tlshash":"25d2723eb403fcbbf58600c4ae6abda361b40098d3a9ce5b88df481e21e71de5157847","first_seen":"2025-08-25T18:36:05.084487Z","last_seen":"2025-10-15T12:55:10.63877Z","times_seen":1233,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 747\r\ntraceparent: 00-769444976c8599840e3a44d6f6b85b19-d983c40f35496bed-01\r\nlast-modified: Thu, 27 Feb 2025 13:26:35 GMT\r\netag: \"f4e90636ec9cff061c4301b3cefdd0d6\"\r\nexpires: Thu, 28 Aug 2025 18:20:59 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2496\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:28:50+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":747,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f4e90636ec9cff061c4301b3cefdd0d6","sha1":"c506efe9c3672c58434ea10021dab0ad81b1ad98","sha256":"30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea","sha512":"2db1a1a4419db47b4256906f9c660b85479bb83d2ab0757d1b1c24cdf94d97bdc4a7140d5d8ea31cbf612a77ba1ae6ef46bbd77eb42d24b6d83afebbc46c9216","ssdeep":"","tlshash":"2a012d94bde4083719374ca981a2595d63844b0398297c087adf3d4c5b2096d056e9be","first_seen":"2025-03-01T06:06:39.041672Z","last_seen":"2025-12-04T11:53:51.978889Z","times_seen":4943,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 405727e3-47a2-4abc-8d7b-08838cb86bad\r\nContent-Length: 98\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 23\r\nx-dt: 285\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.004, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f353746ba4a41ac529c34a120a09249f","sha1":"d11ffe2833e8b5f3fabf54cf8d4d92b9706aaf57","sha256":"d6865189151ce6023fc601c4b438f67ebe1e800dac54383914cea1615426ac3b","sha512":"b7c3b27609e0fa01c1e7900487d1e4fa199e61ff8ef72855e57adfe9d34dd9b77612cf1edc5951122c3a1666fd2da52e732bb524b8cc4d3e7abd0e0fb23d3030","ssdeep":"","tlshash":"6d7000220a0ca00222202003a20b0a0b0028a3038000003020820228003caa2008a0a3","first_seen":"2025-09-26T06:11:02.575792Z","last_seen":"2025-09-26T06:11:02.575792Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/1c99cd8ddb.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/1c99cd8ddb.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-bfa33c5f8c73cb081ef0f6c1d8ecf3aa-a892d158627b715d-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: W/\"dd40552dfc1f96b11eee0e93bed8e11e\"\r\nx-amz-meta-mtime: 1758705689.747485548\r\ncontent-encoding: gzip\r\nexpires: Thu, 25 Sep 2025 09:24:34 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74467\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:29:19+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2980,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2642)","md5":"dd40552dfc1f96b11eee0e93bed8e11e","sha1":"ea3d9191b850b52efd0fca9a483775a0e4391c69","sha256":"6978d2c2ba3b967b6d19039366cf78da45b0ea320d48ba7c00bcafab3af3cea7","sha512":"0a0f4eb8fabb069d65a1d6200544c02c16c96363b17d761df477563b2569bc670da5e900972879e95b6c435baee02cf89d05d047a123f17220c72550b345adc6","ssdeep":"","tlshash":"0a51d7dc6ef878b8280d8e5af41630619b481c5b36ade8e5f68d8f940320298e251e41","first_seen":"2025-09-24T10:08:54.350242Z","last_seen":"2025-09-30T08:01:23.622101Z","times_seen":136,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/vendors/plugins.vue-js-modal-957e9f20.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/vendors/plugins.vue-js-modal-957e9f20.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-b1342bff75b3ef14f47d6161b7f2c9d4-1f50186387f8a912-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"e4bd4f674fe0ec04a09b7f1705abcc78\"\r\nx-amz-meta-mtime: 1758801842.781222301\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:23 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63761\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:27:45+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26667,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (26667), with no line terminators","md5":"e4bd4f674fe0ec04a09b7f1705abcc78","sha1":"ef8ee3b7c37705984ddbbd10e264ab2a22bba7f4","sha256":"2bdd900bf3ca36d7b753a320c9fd1151f29d3cc47a303b7345fb968bc01ee3e8","sha512":"31142c53a5b64ca7823fe57acaaf08bc5a433728a13a3be3ac025da6bb68a974355dc918d7fafd28506fa47abbff881828ca24b99fe4b790d411753f03ceae03","ssdeep":"384:vBy0a9vOeCGAZIXfK2rVsAdm00uow4HQEjacGXGQVe6ubqE:SHyIXfPt4wE9GXGQcbqE","tlshash":"d7c2288977d8307442db5563627f2b0ab23e295074269888f772e8e65cb864d206ff3c","first_seen":"2025-09-18T09:12:41.674109Z","last_seen":"2025-09-26T07:36:11.195201Z","times_seen":188,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 182\r\ntraceparent: 00-12f8940ac4c7731ece10ad03da45d789-627cc3af7ae17775-01\r\nlast-modified: Thu, 27 Feb 2025 08:55:26 GMT\r\netag: \"0a64a07e9a34e8a5b5e97e80a10888c5\"\r\nexpires: Thu, 11 Sep 2025 22:52:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3404\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:13:42+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":182,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0a64a07e9a34e8a5b5e97e80a10888c5","sha1":"82545cbc39b7dcc031dd10dea841a0b3698243d6","sha256":"7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c","sha512":"fd619b94af18c7082a4f18556f1443081c8dc650b263c49c56f2514184d4f62e253ad87a220baa9396d7a06bc9ec3cc8ec75eee829a6c1016c4a3af2c1afa5ae","ssdeep":"","tlshash":"f0c02220e5f88823012b68bc80eaa55417504b2339021c20374c0a884b6162400149b8","first_seen":"2025-02-27T19:55:38.982186Z","last_seen":"2026-03-31T06:06:31.551304Z","times_seen":4136,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-ui/3.3.422/Desktop/Default/merged.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-ui/3.3.422/Desktop/Default/merged.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-9ae91068639b08c01b682e430f5a8771-bd0eaeb61cb404dd-01\r\nlast-modified: Thu, 25 Sep 2025 12:34:29 GMT\r\netag: W/\"85c0229b626cc1463c35a1476cb12937\"\r\nx-amz-meta-mtime: 1758803640.803775057\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:36:18 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.003\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63196\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:37:09+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":837532,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"85c0229b626cc1463c35a1476cb12937","sha1":"a8cbfa449f1f056d4044230c405b9fee184f8c49","sha256":"30b2c7f62937971b02d9a172d2f6ddc2d6b44c419befce0507205421812397c7","sha512":"22c100d3e43964d0f47856f17d3c4ca1cdb3d9b29ecb2b1a6f18cb9a294984d9910a169855b6bc37a7f9d247254c17ae0d4d631a1d0d5128ff8e1a1740cf912b","ssdeep":"6144:a94Rf4/xuH6Cfe2wZliaFv4r6enhWLOEUJv1inLjkLGOZzeaE50KtKm:wXD4r6enhWLOEUJv1inLjV50KtKm","tlshash":"0605621cf29ea1393e37e52462545ffc6620b7179b231c6ff899024a0ec394361a6db7","first_seen":"2025-09-25T12:54:38.924376Z","last_seen":"2025-09-26T14:19:11.863591Z","times_seen":34,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":59,"dns":17,"connect":3,"send":0,"wait":2,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/version.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /version.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: application/json\r\ncontent-length: 11\r\ntraceparent: 00-9f5ec63e5e46a6ed19ba74ea3714a990-8aa7c9a4aeddd707-01\r\nlast-modified: Thu, 25 Sep 2025 12:35:31 GMT\r\netag: \"d27a5d32faff81a3615b2126d480b144\"\r\nx-amz-meta-mtime: 1758803731.185567058\r\nexpires: Thu, 25 Sep 2025 12:38:51 GMT\r\ncache-control: max-age=60\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:10:24+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text","md5":"d27a5d32faff81a3615b2126d480b144","sha1":"6b0cd333ae0fa50643a3ff05ab76deb067f5244f","sha256":"3a0d896dd0143c2b971294d208a230be6c867a79f432e8ae336f9ccce3d1e784","sha512":"e7a5833953e38ae0091b3756a54030a4c2c89b15ff86c73e26dbe28c54f56b87fea66d7a7a1febdc490a117afd38d54fb429293ad39945c63c61be83d8991af3","ssdeep":"","tlshash":"ec500000000cc0c000000000330003000003c0003000000000030c000000003cc30000","first_seen":"2025-09-25T12:54:38.899527Z","last_seen":"2025-09-26T07:36:11.16626Z","times_seen":29,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":10,"connect":17,"send":0,"wait":14,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_cf05c2049f987d7268276708686e4bd0.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_cf05c2049f987d7268276708686e4bd0.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-9e65db857b024fa457706a4f03b036b2-b656a953bf76ba72-01\r\nlast-modified: Wed, 24 Sep 2025 08:07:32 GMT\r\netag: W/\"d30b972ec91959f6fadcabe45e33d6ad\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Wed, 24 Sep 2025 09:25:34 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2143\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:34:43+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":142251,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d30b972ec91959f6fadcabe45e33d6ad","sha1":"30c09d49ecdeb51ceff7f24164722b5a51ea60f1","sha256":"26c2ecf14ff123c7d961acc1ad3e5931b57c1d8c30c4256b4fb76fb1089b6a0e","sha512":"74c85316f6dd34a8175c064b5ecee686b82e1c8b159c6e6ee39a3963bc8e47179cf99512daace4e2ebec477fe38a8f8a2e7168f0c3d7872fd7c1e62c06b6005f","ssdeep":"3072:vsSMI9Z0rkk7etAfRxxlRXPGj9AgLAnSc6WrsqfuJm9p1Zl:vCIsoJ2fVlRXPGj9/An0qfuJm977","tlshash":"8cd3e70a194c6e7f0fda22ddf94edf4962b40055aab2c822d8eec11e7197fd2817714b","first_seen":"2025-09-24T09:23:18.586005Z","last_seen":"2025-09-30T16:18:02.536541Z","times_seen":201,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/d9c2365ca58e0fb54268fd4914d751b9.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-5a5d4dfed53437568248cc229c9894c8-a2e97fd91f550d76-01\r\nlast-modified: Mon, 16 Jun 2025 11:25:45 GMT\r\netag: W/\"1a7ec72aad44f9540cb604d7cde5ff38\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 11 Aug 2025 05:01:25 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2496\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:28:50+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14466,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1a7ec72aad44f9540cb604d7cde5ff38","sha1":"65e5851d652e0471c213282efb5eeee31ae813db","sha256":"94d4bf6bc00a09b766ea0ba441e860dc40ee6d398be80e89016dd0ee662869d6","sha512":"05c4574c3785992daed7bb3616a938d1d04dc9679132ee8997147a21c32d2dab5537e51060ecce9969c4e2ea5c4ba97299c5f2622a3f6fb097c066e189d37f79","ssdeep":"96:75b7Ba79eu4QWGAdryCiQFpzLJLJeHZVZYpH3UGHSTSSbbGiJinHs:u7kJ2VK3UsyinHs","tlshash":"935246d9bae41c33112b60bdd5f7f91aa3dc1f439d4aa8287eac6d4c1b6050500aed7e","first_seen":"2025-06-17T07:58:23.417687Z","last_seen":"2025-11-14T10:22:49.434452Z","times_seen":2557,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 69\r\ntraceparent: 00-aa9e681767002385793c37469a7c35f7-c203c4d5066a067b-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: \"2cdaa92927f02e0b628f1ef4d7dd8caf\"\r\nx-amz-meta-mtime: 1758705689.745485504\r\nexpires: Thu, 25 Sep 2025 21:21:46 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 31647\r\ncache: HIT\r\nx-cached-since: 2025-09-25T21:22:59+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"2cdaa92927f02e0b628f1ef4d7dd8caf","sha1":"9104a2e16ed080b80a42588b8aeb52ebec47ab7a","sha256":"ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db","sha512":"31da80bc1b17aa708fef74b0211af91fce1b4a5f518f11e5caa80f50e9a7791b6e94924e381f550fc44a02f4c1d785e5b95fa2464e7968b5cab079612d70d839","ssdeep":"","tlshash":"1ba002935a5ef66c209044860696e74733823d6a3477b1d625bc5509e6061474817257","first_seen":"2025-05-14T05:06:37.199299Z","last_seen":"2026-03-18T19:40:26.76398Z","times_seen":5502,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":14,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_popper_js_WZJKYEQD.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-f3413bf77ac970fb0ec129c81051cb48-8140c9dfbccea06b-01\r\nlast-modified: Thu, 25 Sep 2025 10:23:51 GMT\r\netag: W/\"bea5b052c307601192270938523fa030\"\r\nx-amz-meta-mtime: 1758795783.101861766\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 11:03:46 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 68800\r\ncache: HIT\r\nx-cached-since: 2025-09-25T11:03:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21252,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21232)","md5":"bea5b052c307601192270938523fa030","sha1":"937f7094c67f5a92c1032a7bc3f21ee94bec66ef","sha256":"f41290374ba615854ebb4b28a07de775581707f3b6427bcc01c0529c62476f64","sha512":"b9bff7f7d9b518ec76898a732114873c01206378c2a840c62062f05487ef773716ce841d7a5bafe3f0c65fbfdf05509852571a3a6b381661cb6f4984d6bc23a9","ssdeep":"384:ZP7iayBuR9vu3z1JXvykd2+LaqHdC6RjVnTGm/7piCXmH8kCCcvJTCyCu+meAxiZ:piZwO3XvO+NMSJt3XmckXcv4nxJAxiH5","tlshash":"7b92a28c7684b0a287a7a2a7a07f860f71376865650e9004f59cf6ec3c35dba507bc7d","first_seen":"2025-08-22T10:11:14.555802Z","last_seen":"2026-03-04T04:00:43.408775Z","times_seen":3920,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/colors/15c32f1803fbd0a6da261b23605b8b5a.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/site-admin/colors/15c32f1803fbd0a6da261b23605b8b5a.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css\r\ntraceparent: 00-eed5463a89e35ab272ac0197d07b97d2-0388de668b5401c6-01\r\nlast-modified: Thu, 11 Sep 2025 11:33:01 GMT\r\netag: W/\"15c32f1803fbd0a6da261b23605b8b5a\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 11 Sep 2025 12:34:54 GMT\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3271\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:15:54+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40933,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (40933), with no line terminators","md5":"15c32f1803fbd0a6da261b23605b8b5a","sha1":"0934ae808e076735c5ba5bdcf58347c6c6062042","sha256":"6b7eaa3011a067f85fa704698ef5cfa6c92ebaf41f53f410ab288d6d9240eba3","sha512":"7089884204b364d81d4971c39be2db616849bbd6b042b2d003c4ab7a3faa1063b3209ddee148a28bca895307def451e1f676fbeb1e72fd4665cf432160e2ed3e","ssdeep":"384:+EO1mFSK75xWt5JkyunibMhS43eIIc+7rpeN:+EO1mFSK75xWt5JkyunibMhS4uIypeN","tlshash":"7d037b7ded91c1712a591931911c677b3d36e9ceae240f8fd02c63e630c1b022be5a7a","first_seen":"2025-09-11T12:33:13.092106Z","last_seen":"2025-10-01T07:27:26.239983Z","times_seen":415,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":88,"dns":19,"connect":1,"send":0,"wait":1,"receive":0,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css\r\ncontent-length: 46\r\ntraceparent: 00-278ad312d9e1c18f36ab5f485192dbf0-80c27d1627d77d68-01\r\nlast-modified: Thu, 20 Mar 2025 13:29:31 GMT\r\netag: \"29b5cda95fa390c124de39b6aeca6d24\"\r\ncache-control: max-age=3600\r\nexpires: Fri, 08 Aug 2025 22:53:08 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1910\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:38:35+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"29b5cda95fa390c124de39b6aeca6d24","sha1":"46f68f69533c1fdc737eb36e8e7af7672178e610","sha256":"6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88","sha512":"8a62d0b23596f91ed5dbd111fce75e940b4b6fe542716d9fad76d610eb9a90f67bad145f3dcfd977b5a7a6d414d66e94c0abcaf6cabce2310d94af56cdf0e13b","ssdeep":"","tlshash":"54900294a50c22502025c656109c48d0119412566621255851533451b4438405960188","first_seen":"2025-03-20T19:27:14.305804Z","last_seen":"2025-11-18T11:41:52.983768Z","times_seen":4852,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":67,"dns":18,"connect":1,"send":0,"wait":1,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/captcha-api/assets/hunt-captcha.js","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:34.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /captcha-api/assets/hunt-captcha.js HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/en/block\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f; SESSION=5a54e7ecd3fa7b7923a1336947d1cd3f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:34 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 23566\r\ncache-control: public, max-age=300\r\ncontent-encoding: gzip\r\netag: cc87b27db434ca92aea6e1a1ceb5b78c\r\nvary: Accept-Encoding\r\nx-dt: 455\r\nx-request-id: e5fd3c33b0f01daf9d6f2783c7872abe\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.006, wf-uht;dur=\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":90808,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cc87b27db434ca92aea6e1a1ceb5b78c","sha1":"905e65010d66d0bba5836f44cfb27ad9cda60051","sha256":"b7c2d216440e81574ce9b359404af25382d21f6d06b31162e1d56d97e721f117","sha512":"c93461ca41050b2ed4cf5724b61293de852034eb5cd9856e5af84ca3569584db0df14c267a9350839d3fbc4b536d416a56b8b7b0cc4f67c7770660212dc99912","ssdeep":"768:mfqz/IppUgutFIIfCpFujCbsboXim9ifscjA6NecfjCdjhACLiZhT/rAztF1TP7C:xEIW0BLIS","tlshash":"0693de857de2c08793d35bd6923f4cd8e87504cb66966f488812f91bf9ae86783d4833","first_seen":"2025-09-24T12:37:05.081519Z","last_seen":"2025-10-24T09:11:09.901149Z","times_seen":1174,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"radar.cedexis.com/1/23802/radar.js","fqdn":"radar.cedexis.com","domain":"cedexis.com","tld":"com"},"ip":{"addr":"45.54.49.5","port":443,"asn":63911,"as":"NetActuate, Inc","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.670Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cedexis.com","organization":"Citrix Systems, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0","sha256":"BE:70:39:96:BA:51:8F:A7:6A:9D:E1:58:FB:D9:F7:6F:17:5C:DA:A9:6E:54:3F:8F:0B:3D:1E:DF:8C:44:B4:71"}}},"request":{"raw":"GET /1/23802/radar.js HTTP/1.1\r\nHost: radar.cedexis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 26 Sep 2025 06:10:36 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nLocation: /1707728419/stub.js\r\nExpires: Fri, 26 Sep 2025 06:20:36 GMT\r\nCache-Control: max-age=600\r\nVary: User-Agent,DNT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":390,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":33,"dns":0,"connect":20,"send":0,"wait":59,"receive":3,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_chunk_LNU73JEK.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_chunk_LNU73JEK.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-ad5ea25cae13f7f2c094104d43262c82-ebcb368bf1a8aece-01\r\nlast-modified: Thu, 25 Sep 2025 07:37:35 GMT\r\netag: W/\"d96d317966512ab8915a90670ca5a5af\"\r\nx-amz-meta-mtime: 1758785780.410863242\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 09:23:07 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74234\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:33:12+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1232,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1231)","md5":"d96d317966512ab8915a90670ca5a5af","sha1":"a810be1c3e515adb49804e8d976250deb16fd77d","sha256":"f125201d62c452efba070d856821885c7cfd539a31d55846caa6ae3a7522d3cf","sha512":"460b29966e6f5ac4d34ccc714217d29686d7aff42efa92a102729d40aa36dd4fbb87116178b2f9fdece5fdb09cb2bf2024312d3f1b86abb69644f695c76aca2d","ssdeep":"","tlshash":"a521f1e56fbc7ba362be2ae4a02e0041e001d53752f4f1d4f294dfb4a4e949d035b5b6","first_seen":"2025-08-22T10:11:14.554562Z","last_seen":"2026-03-04T04:00:43.411503Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:27.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 405727e3-47a2-4abc-8d7b-08838cb86bad\r\nContent-Length: 19\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:27 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nx-dt: 285\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.006, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-04-17T03:13:29.570762Z","times_seen":239851,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_0f97545e93.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_base-app_0f97545e93.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-97647dbbf60ef369a651f7604b58f3b1-2a0fa25e8679cb32-01\r\nlast-modified: Thu, 25 Sep 2025 09:06:19 GMT\r\netag: W/\"6f4d800a0f28df5fb48904c1504fc345\"\r\nx-amz-meta-mtime: 1758791126.135157397\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 09:12:30 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.004\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 75333\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:14:53+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1478180,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (23471)","md5":"de4cad8fc137d1cca08fbb5b06a9f57c","sha1":"c0e09430bb44a8251c28e294e9674f92ca3a2ca4","sha256":"7f8c001126443a9be46108e7cf2cfe962bb2e886921a54bcd2cac7532d4ba76e","sha512":"395486a832685af36dc04e81097abadf7aa8513ef848fd6c227afcf9efc8b54f0535d9420c90c97effbb161c3970a964c75dce070d39a256caa2853fee22c937","ssdeep":"12288:IpQO3ln7dgdMb6aNDrUazKJgNE5DTCFaFIQp6t8+Pws9/m82+kg6k:qQO3ln7dgdFmUmKCE5/p6qs9/m82+nV","tlshash":"55259d44f16778123ae784e6e4771182711c566e9409ac90f2faddf8368f6a0628ff7c","first_seen":"2025-09-24T10:08:54.327026Z","last_seen":"2025-10-02T07:15:42.677289Z","times_seen":263,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:35.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63920\r\ntraceparent: 00-7d23b391a49e27cbf6eb6a0006f6d267-33cb0f1d8ecc4c11-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"a65527fcb58f66a7cfbc0e6b160538b4\"\r\nexpires: Sun, 10 Aug 2025 19:21:26 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 234\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:06:41+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63920, version 1.0","md5":"a65527fcb58f66a7cfbc0e6b160538b4","sha1":"45d260e7fa343401b5bb0df982a014f53e2d253b","sha256":"fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45","sha512":"8448e96abe326f43285b2d8b0d75beaf0e9c9e051e8754841d907b30eb303ae24c447011306da6a1703b9192d02aeff76a4517bdf94ec6e7dc360ce3538802af","ssdeep":"1536:UIG3hJMkJeK8ic5iZGnJ4URj9vqXOQ6UqYdbuA5RVK1:UL31hcLlRjDQ6Uq4W1","tlshash":"7f5302df8de32a148ff78772668885f4f4927c68898c8e7345526a8907f07d6b96c04f","first_seen":"2023-05-07T18:04:27Z","last_seen":"2026-04-16T23:39:40.117834Z","times_seen":10325,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-5b5fb568cefc49b8e673143ead8ecc1e-b0fab1edf11da479-01\r\nlast-modified: Mon, 30 Jun 2025 14:06:32 GMT\r\netag: W/\"26f10f416f0a3743c3362a51dd558a4b\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Mon, 11 Aug 2025 05:59:51 GMT\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 3223\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:16:43+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1202,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"26f10f416f0a3743c3362a51dd558a4b","sha1":"6b458c43b5e31fc0515de1eb1a0e535855a3e936","sha256":"8374658000ae2d2747471b9535397e6de0c036d4e1a767a2a523047f8d06cb73","sha512":"1a6b1e740800f48106a46ff15b36fdeaec72cb4fa2e7a06957a52609f7b5481f1c0bca9e6a07a4112e0a1dbc75918e78fd5085517dd0051b4546b84338715321","ssdeep":"","tlshash":"d7210aa71034073e9d132b2bad3f929006c0485052e8b487379f39fb37ccd949e6d6aa","first_seen":"2025-06-30T16:12:32.415153Z","last_seen":"2025-10-15T02:35:25.221046Z","times_seen":2212,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3fbe465d90fa2cf42e3089c7b63e09fc.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/3fbe465d90fa2cf42e3089c7b63e09fc.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ntraceparent: 00-d129a4096b61456be0e007df745b7299-0e06deafe8db3965-01\r\nlast-modified: Fri, 19 Sep 2025 12:34:47 GMT\r\netag: W/\"030d8f928e11f3038a1956b87dfde36b\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 19 Sep 2025 13:58:28 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 2496\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:28:50+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25487,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"030d8f928e11f3038a1956b87dfde36b","sha1":"9fe32ce43a732aa5ab0172a6353753f8932b7aab","sha256":"de4fd2aff17b8a4bf4ca979ced0feb4d18888e0d729d125a39c3ff515490c4b1","sha512":"bf2d44c68305c9bec3762f80b708d8771b17fb618d4ce9e2ba230bfcebb9fde8226e3d6a86edf5c459570f482ca0654eb236d9c0129975110c00a310f6d2bcae","ssdeep":"384:hrLr0fLPwUj+uZbC445IOhT9TYXw1LyaN1C1WjTZ5sogvllydwDcc6x0W:hvkD+yEgvO","tlshash":"c6b23b85fef40c33102f90ae95f3ba0e93d85f879d4a6c14bfac2a4d2b54519016ad7e","first_seen":"2025-09-19T12:54:23.532061Z","last_seen":"2025-09-30T08:01:23.521866Z","times_seen":283,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/css/1a1d900b.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/css/1a1d900b.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-531da38eb2c4022df27ffa6061b5852e-9b0f9fffde9f48e3-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"2d28623565c5d1ed62f69d11232df70c\"\r\nx-amz-meta-mtime: 1758801842.767222252\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:21 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63819\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:26:46+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40728,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (40728), with no line terminators","md5":"2d28623565c5d1ed62f69d11232df70c","sha1":"e0c5bdc19f3c14ba2e4476ba4fd10953b57a8eed","sha256":"ea0c15a3a8d1755ca663aeef7883c12d8c82a34c5375b467419cbb81c2997160","sha512":"0feeede77bf37ffc7dc9d97a6c6b718d6cfcc932dcec699a32d90c07b4d76b7899c6f4c1cf38930cb5517a876d2d6000120e22f80765e2eb50d65401ac8ce35d","ssdeep":"768:SnraTC/9ApQze5i/aWVXuNVuvLh0TEkhZMsl9ILXb:erMC/9ApQzOi/aWN","tlshash":"6c030f5dfca8c5760d27f521a288be3c01b0f42ade314d96f90e57a518c3f9b15e0ea9","first_seen":"2025-09-24T10:08:54.318424Z","last_seen":"2025-09-30T08:01:23.610052Z","times_seen":139,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":51,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nContent-Type: application/json\r\nX-Lang: en\r\nX-Uuid: 405727e3-47a2-4abc-8d7b-08838cb86bad\r\nContent-Length: 19\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nx-dt: 285\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.077, wf-uht;dur=0.010\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-04-17T03:13:29.570762Z","times_seen":239851,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6afa6df928.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6afa6df928.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 614\r\ntraceparent: 00-1491a51bad6d23e149c63ea81bc7255a-1cea795a2fe8edc3-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: \"f07d1a740a9a1b3f5b0167d0bf44e4d2\"\r\nx-amz-meta-mtime: 1758705689.753485677\r\nexpires: Thu, 25 Sep 2025 09:24:35 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74467\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:29:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":614,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (613)","md5":"f07d1a740a9a1b3f5b0167d0bf44e4d2","sha1":"7ef2209143f924410b0cc7ccb9867704b1af329f","sha256":"ce4b70d82ecefb017a88749072769e6c11eff89a36e3574a1b9f906a80a0c54f","sha512":"f28d311f859508d50873860d4057947db4ed23b7b7864740d9ad292fefdea3dfe6a6e214000d52a65c0036774fda3da02159d7d7619417db40646b1e00196964","ssdeep":"","tlshash":"b1f002beed31a160a10244d95d5aa422c6c43d67075a74e481e94653b31209795065c7","first_seen":"2025-09-24T10:08:54.297813Z","last_seen":"2025-09-30T08:01:23.511669Z","times_seen":136,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/web-api/session","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:34.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /web-api/session HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\ncontent-type: application/json\r\nx-requested-with: XMLHttpRequest\r\nx-app-n: v3-nuxt2\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:34 GMT\r\ncache-control: no-cache, private\r\nserver-timing: dt_total;dur=0.050, p;dur=10.633, wf-uht;dur=0.046\r\nset-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/\nSESSION=5a54e7ecd3fa7b7923a1336947d1cd3f; path=/; secure; httponly; samesite=lax\r\nx-dt: 285\r\nx-time-ng: 0.012, 0.034\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":74,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/destination?id=AW-16664555628\u0026cx=c\u0026gtm=4e59n2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/destination?id=AW-16664555628\u0026cx=c\u0026gtm=4e59n2 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 26 Sep 2025 06:10:36 GMT\r\nexpires: Fri, 26 Sep 2025 06:10:36 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgsrsghrgc:72:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgsrsghrgc:72:0\r\nreport-to: {\"group\":\"ascgsrsghrgc:72:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgsrsghrgc:72:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 125912\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":367760,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5911)","md5":"b732b4ee136628f7d3c4015df8b21cb0","sha1":"b4b2907ae3017d9c9bcbde949207db38514e3e45","sha256":"d6fcbd56e4f9a22285afccb9b8a19afc9052a0b5414ba8ae8f89cb4c242e150b","sha512":"8fb262ad000f2b1621226c28410aa0bec7e969e49675fb67d0a647e5f8b846c0f6f0f068e81f893543a4e3bdd8bd521c48116465a23278728fde9c1939d98117","ssdeep":"3072:wFLz5MCu/D62GmMgZepV0RP18YqkLPW8RthKUfgHwa6z0CZzu0B/uuxtA/O/G1SE:mpmMgZepxYqkD1gIuq/RPG1SvuVcxUt","tlshash":"7f7419cd73d674265392a478903f018bb5bb68a2f44cc899f185dce42e74a9a4237f7c","first_seen":"2025-09-26T06:11:02.590335Z","last_seen":"2025-09-26T14:19:11.77187Z","times_seen":5,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je59n2v897130004za200zb9180563600zd9180563600\u0026_p=1758867036361\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1940189089.1758867037\u0026ecid=1914494561\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115616985\u0026sid=1758867036\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-93399.world%2Fen%2Fblock\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=12455","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:36.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-7JGWL9SV66\u0026gtm=45je59n2v897130004za200zb9180563600zd9180563600\u0026_p=1758867036361\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1940189089.1758867037\u0026ecid=1914494561\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AEAAAAQ\u0026_s=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480709~115616985\u0026sid=1758867036\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2F1xlite-93399.world%2Fen%2Fblock\u0026dt=1xBet\u0026en=scroll\u0026ep.optimize_id=GTM-5R4MT54\u0026epn.percent_scrolled=90\u0026upn.ref_id=1\u0026tfd=12455 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://1xlite-93399.world\r\ndate: Fri, 26 Sep 2025 06:10:36 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0\r\nreport-to: {\"group\":\"ascnsrsggc:158:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":38,"dns":0,"connect":9,"send":0,"wait":18,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/en/block","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-26T06:10:24.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /en/block HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; postback_watcher=; auid=uaJaGGjWLlB9f0OFA+NJAg==\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 203 Non Authoritative\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:24 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 253441\r\naccept-ranges: none\r\nserver-timing: dt_total;dur=0.004, total;dur=60;desc=\"Nuxt Server Time\"\r\nset-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned\ngw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; Path=/; HttpOnly\nlng=en; Path=/\ncookies_agree_type=3; Path=/\ntzo=2; Path=/\nis12h=0; Path=/\r\nx-dt: 285\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"203","status_text":"Non Authoritative","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":253441,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (40298)","md5":"fc35822480b8178b0915af02a917e030","sha1":"a58040038d4c5bd5d0f6448cca3a2e68d562af24","sha256":"97705658dffb1c66e31ac8d0dd0fdf248ddbd6ea68364e2780c0f25c49da87f9","sha512":"4f3006bfc140c68751912749f7382cec122331b023ae5da674d0dde6e4b2ac624cd7d97b72220818d3922c710ecbe3269e85842da2eb994781ae4686d2861757","ssdeep":"3072:IuE5dFYtmZJNmcnJZz1Su/VHI4fmZJ/mcnJZzMtJHR/98kDhu07W54Fe:gdOQnRZ/lanItzDE07/Fe","tlshash":"5b44a52ba50c1c3e911f1fa9c54f7d4e5b7c9e2a20cb6c11dcaeae2914e7694426343f","first_seen":"2025-09-26T06:11:02.591963Z","last_seen":"2025-09-26T06:11:02.591963Z","times_seen":1,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":137,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_685e35cb01.css","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/Desktop/__shared_685e35cb01.css HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: text/css; charset=utf-8\r\ntraceparent: 00-c3f4a6739d0f0a08aaf4fed113545864-a158a4554579de5d-01\r\nlast-modified: Thu, 25 Sep 2025 13:19:26 GMT\r\netag: W/\"f20b654f71d35e62521b615e5875425a\"\r\nx-amz-meta-mtime: 1758806270.606111086\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 18:28:57 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 42088\r\ncache: HIT\r\nx-cached-since: 2025-09-25T18:28:57+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3728,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3727)","md5":"f20b654f71d35e62521b615e5875425a","sha1":"9d109128b806af8d91912b7dd2364bb4842c6040","sha256":"8bb3aa44b7496967b1992da34d899ed1fdd440a304104a133368e9bd0295b3db","sha512":"ad4e932c950cc47da9f45c60dab693a4cd8d1f44cad21161d28ee9fc8ba7fadd7b26332953af2e639ed4e737e99cf6328a7b0f465ca23f41a9d6209b812f19d9","ssdeep":"","tlshash":"1671649abcb4c1398933f812128c8e7d0631f9abd9251c9ef6dd872654c3a970190af9","first_seen":"2025-08-22T10:11:14.531592Z","last_seen":"2025-10-31T01:18:46.263466Z","times_seen":1176,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":184,"dns":18,"connect":3,"send":0,"wait":1,"receive":0,"ssl":166},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\ntraceparent: 00-eb604ef345d5a9a84787007d35d3daea-cca772fe5816d54b-01\r\nlast-modified: Thu, 26 Jun 2025 16:06:49 GMT\r\netag: W/\"9e075dc2a068d12162e260d49c92f233\"\r\ncache-control: max-age=3600\r\ncontent-encoding: gzip\r\nexpires: Thu, 26 Jun 2025 17:12:47 GMT\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 1335\r\ncache: HIT\r\nx-cached-since: 2025-09-26T05:48:11+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4086,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"9e075dc2a068d12162e260d49c92f233","sha1":"9c748240ee9aeeb922f9998005c557517763a979","sha256":"81b3796da635e227e36b1a44c3224d8e0ccda902293beb08f84d870ed3bcee99","sha512":"6572c0bd8d55d4edc9ff8f263ef021d454593330e2f09759a2a26153870083e1d2cc308575d01196919d60a86170bd6b24436163427692b99eed38d0643eac9e","ssdeep":"","tlshash":"13819e0959831ef21abf8e90705e88663be5d06bde1764140fb5c30f3377e93668284a","first_seen":"2025-06-26T22:02:08.124583Z","last_seen":"2025-12-10T17:51:01.422955Z","times_seen":3966,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_fast_deep_equal_RNYYWXHZ.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 865\r\ntraceparent: 00-06f42c1d5470bc658f4748617911429a-4aadef4f5f4e1d05-01\r\nlast-modified: Thu, 25 Sep 2025 07:47:44 GMT\r\netag: \"00e44cad05af09626c2b10aeee7de5a3\"\r\nx-amz-meta-mtime: 1758786405.761398621\r\nexpires: Fri, 26 Sep 2025 09:31:24 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74217\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:33:29+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":865,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (840)","md5":"00e44cad05af09626c2b10aeee7de5a3","sha1":"4461fd05cdd85255f4ab24edd5ac80e7b6dec92e","sha256":"5277a86b8db312b1e34318cb994829e113d8204c3a2e88ab594e5135b2bbfb2a","sha512":"548bf615b1118881d21a0cfd2d530b3f0ce1e14cc93cb6afce662b30ac70877fa152fd71b5d786bb2e43e31a1980e00b83106b1f4b3ae12fbb2ddbedf6c81841","ssdeep":"","tlshash":"901159c232e3a0d183e058cd1001d906f23969e9a4bca0c9c757e6b93cb2a53d87672a","first_seen":"2025-08-22T10:11:14.567955Z","last_seen":"2026-03-04T04:00:43.420123Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PJNUBKRP.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/shared-assets/__shared_localforage_PJNUBKRP.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-e4dee303c0532ae21f646ee7af7bf2a8-2065f83f5cf54af0-01\r\nlast-modified: Thu, 25 Sep 2025 08:42:48 GMT\r\netag: W/\"7e7ebd44e3a6550f862e122ab7df6409\"\r\nx-amz-meta-mtime: 1758789638.422507147\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 09:23:07 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74067\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:35:59+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30277,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (30255)","md5":"7e7ebd44e3a6550f862e122ab7df6409","sha1":"384ecbc3ab0f65e6b0f88c1e68ba3eb73fad4999","sha256":"138767518a09e63d24f918f6380923893a2ec3aa59a640e51c83517501823076","sha512":"e2766b50e289dc6a69fa30432a49a0b7743f15cd15a54d707959c7623f258057a821a94285c492746216cfbf815089309b6cc09b930ba7977ff9c4ffc352d76e","ssdeep":"768:wDKAOpvMewHFuM96WwZACjzz46zSTKsBE1OvFXfX1UXk:wm8uPW43zEIOvdlUU","tlshash":"a5d2b68c7799f02683bb3070907f580ef237a912594d90a0e591e5f86dbd75c822bfad","first_seen":"2025-08-22T10:11:14.535778Z","last_seen":"2026-03-04T04:00:43.425133Z","times_seen":3921,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7e381af68a.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7e381af68a.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 947\r\ntraceparent: 00-5f83194d16340150ad64b5a42fdd3bb8-f74b934a625269d3-01\r\nlast-modified: Wed, 24 Sep 2025 09:22:16 GMT\r\netag: \"d6a027801db4c1d6536c15243e2d00f3\"\r\nx-amz-meta-mtime: 1758705689.752485656\r\nexpires: Thu, 25 Sep 2025 09:24:35 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.002\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 74466\r\ncache: HIT\r\nx-cached-since: 2025-09-25T09:29:20+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":947,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (944)","md5":"d6a027801db4c1d6536c15243e2d00f3","sha1":"9aaed4050d0bfe2a02b1b29664a01cf37879bed0","sha256":"3265763eaa32326200f4f271f0b9e5ec907d69eac1036426deb31607e02fb17e","sha512":"4fe4b085a93a4284a08a989bac26185fa62930a2904a96005245b8ea11782fbff08a3fadc7da95da3fcc6be3c798810accff433a21aa8c5b424c2500acfd81dc","ssdeep":"","tlshash":"ab11487830f5d054f76a58ce7d29207a537c1904370da8f2f3bd459610da096d5b7d8a","first_seen":"2025-09-24T10:08:54.306524Z","last_seen":"2025-10-02T07:15:42.690332Z","times_seen":191,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xlite-93399.world/hd-api/external/019984a5-117c-7ff9-9452-75dba5f89e06.js","fqdn":"1xlite-93399.world","domain":"1xlite-93399.world","tld":"world"},"ip":{"addr":"185.162.90.24","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:34.501Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1xlite-93399.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 05:20:46 GMT","end":"Sun, 30 Nov 2025 05:20:45 GMT"},"fingerprint":{"sha1":"81:C1:18:44:2F:F5:43:8E:9E:E1:3C:0F:E4:A0:72:79:06:37:6C:99","sha256":"2B:86:B6:31:CB:82:7C:AF:52:27:4D:DB:0D:01:8D:9B:91:6A:5D:BB:EB:2C:E3:9B:91:BB:8D:18:6D:77:6B:EC"}}},"request":{"raw":"GET /hd-api/external/019984a5-117c-7ff9-9452-75dba5f89e06.js HTTP/1.1\r\nHost: 1xlite-93399.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://1xlite-93399.world/en/block\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: platform_type=desktop; gw-blk=eyJkYXRhIjp7ImlkIjoyMjk0LCJkaXNwbGF5VHlwZUlkIjoxLCJ0ZW1wbGF0ZVR5cGVJZCI6MSwidGVtcGxhdGVJZCI6MX0sImJyZWFkY3J1bWJzIjpbMSwxMiwxNCwxNSw4ODUsMjMyMiwxNiw0OTUsODEyLDk4NSw4MTMsMTcsMTgsMjE4NiwyMzY4LDIzMDAsMjM3Niw4NDYsMjI2NywyMjkxLDIzMDMsMjM3NSw4MTAsOTQ0LDIyMTEsMjQwOSwyNDk1LDEwOTAsMTA5MywyMTkxLDEwMDIsMjI0MiwyMzAxLDI0NjEsMjQ2NCwyNDY1LDI0NjIsMjQ2NiwyMjU2LDIyNTEsMjI4NywyNDMyLDI0NzgsMjM0NSw0ODQsMzk1LDIzMjgsMjQwMiwyMzMyLDQ3NCw0NzYsMTAwNiwyNDkzLDIzOTQsMjM2NiwyNDAzLDIzMTEsODA5LDkxMiw4MDYsNzg2LDc2OCw3NzUsNzY3LDc2Niw3NTEsMjQyNCwxMDM5LDIzMjcsMjQyMiwyNDY4LDkwNyw5ODQsMTEwNiwyNDA4LDIzMDcsMjE1NSwyMzcyLDExMTksMjI5NiwyMzU0LDIzNDAsOTY4LDIyMjksMjM5MiwyNDMxLDI0MTMsMjQzNCwxMDk2LDIzNTEsNzU5LDIyMjgsMjIxNCw4NDMsODQyLDIzNTIsNzU2LDc0Nyw3NDgsNTQ4LDIzNTMsMjQyNSwyNDI2LDI0NzMsMjQ5Miw3ODcsMjQ0NiwyMTYzLDgzOSw3ODMsMjQ3Nyw1MjUsMjQ4MCwyNDM5LDI0NDAsNTI0LDEwNzUsMjQxNiwxMDc0LDU0OSw5NDMsNTEyLDExMTcsMTEwMSwxMDczLDIzMTAsMjM5NywyNDYzLDI0NTIsMjM3OCwyMzg4LDIzODksMjM5NiwyNDA3LDI0MTAsMjQxMiwyNDE4LDI0MjAsMjQ3NSwyNDI4LDI0MzUsMjQ2NywyNDUxLDI0OTQsMjQyMywyMzY5LDEwNzgsMjQzNywxMTAwLDI0MzYsMjQyOSwxMDE5LDUxNSw1MjIsNzY5LDQ3NSw1NDUsODE1LDgxNywyNDU2LDQ3Nyw0OTgsOTQyLDIzMjAsMjI4OSwyMjgwLDEwODYsOTc4LDEwODQsOTg2LDIxOTcsOTkzLDk3Nyw1MzAsMjI0Myw5ODEsOTg3LDIxODIsMjI5NSwyMTU2LDIxNTcsMTA5Miw4MDQsMjIzOSwyMjIxLDk5NCw5OTksOTk4LDk5NSwxMDA3LDEwMDgsMTAxMCwxMDA1LDExMDIsMjE5OSwyMTk4LDEwMTIsMTAyMywxMDk4LDIyMDEsMTAyMiwxMDQwLDI0NzEsMjQ4OCwyMTU5LDEwODksMjE3OSwxMTIyLDEwODcsMTA0MiwxMDQzLDEwNzYsMTA3NywyMzIxLDIzNjIsMjE3MSwyNDg5LDIxNzcsMjE3NiwyNDkxLDEwODMsNTMxLDk5Miw5OTAsMjM0NywxMDQxLDIzOTgsMjIwMiwxMDE4LDI0NDQsMjQ3MiwxMDk5LDEwODIsNzg0LDU1Nyw3NzgsNzgyLDE5LDY1NiwyMjIwLDIyOTRdfQ==; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_59749m_4096c_%5B%5DALL%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D23362-103812-9792665_d30845_l112421_clickunder; auid=uaJaGGjWLlB9f0OFA+NJAg==; window_width=1280; che_g=8fd91726-ba95-4929-af8d-9768ced2f04f; SESSION=5a54e7ecd3fa7b7923a1336947d1cd3f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:34 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 100549\r\ncache-control: private, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-dt: 285\r\nx-hd-trace-id: xnII3WLSKS9HSQf60Z+GpR4SY7M0lHzvK9pOYSgq1FsH9EsUgeuI3dlQTPB9tCm52RzFf8SB2PVbwpl0+3F5vWE7SanCr01RldcxCPbOT65MGWciAv8VdPJiwfI9kVTGsaEZFpfxBVVs5XmQc2iW3kzPnY5TfDaaHNKTA/0AmCIRKUM63ENzmWHz9ialjhYPAKs=\r\nx-request-guid: 1aea758722ced2432897bf86631cdf8f\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver-timing: dt_total;dur=0.008, wf-uht;dur=0.037\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":350176,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f986b9aa3ebe88a7b180e80807af68fb","sha1":"3f3e91b75cc4d69e21017a4f51168c9406fe6f40","sha256":"b0753c6a5fc3b7f57c7522a99e5eae37bf8ec07f7ec51ea42e4eafbe0c5d96ff","sha512":"0c2e9d3b0af1f770f9693432193524df98185b2f7f5f4edf546317e7f6084fdb3c4306b9bca33f1f98b3c716f140dee87ee4f05aedd78050140dd6f0395740f3","ssdeep":"3072:ROt+kWhgXic+c4HOjpb2A76W/jwwKFwJykDaZn8tog3MbGu7rf/tWbuJ:TicDcpb2A76WDuwJyVN8N3Mqu/Ab+","tlshash":"3d7472bdfebbdc29b2890ca272f15d59d5a81fa500dd8159a707ff0fab45c35a238801","first_seen":"2025-09-26T06:11:02.597523Z","last_seen":"2025-09-26T06:11:02.597523Z","times_seen":1,"resource_available":true,"data":null}},"time_used":74,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":66,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"1xlite-93399.world","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:35.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1xlite-93399.world\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://v3.traincdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 63748\r\ntraceparent: 00-3e788fc9221e46b09fd9aaa571515446-c33eabbbf4220677-01\r\nlast-modified: Wed, 14 Jun 2023 09:49:53 GMT\r\netag: \"6887b6f24414dbc612dbf42ccdc76b70\"\r\nexpires: Thu, 16 Jan 2025 10:32:14 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 618\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:00:17+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 63748, version 1.0","md5":"6887b6f24414dbc612dbf42ccdc76b70","sha1":"8068d3abfbc6cbf35b55919da45b1f4d2d136238","sha256":"fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c","sha512":"00f08f9dd648972c9571547e06172d5505dd13f577fe2e65a497d3856172807ac11c996984e4138d2eb2ac784257fe61864aee15752fe9e9e76f98db931e0c2a","ssdeep":"1536:KtdCG+Dz6RxAx457zL0ASEn091Y0H1mTOzI/OzMFOoTX4u:MMG+yRpzN091Y0VtI/pOoTt","tlshash":"8b5302485551fae2cac3073c0f7a89dbb37a776d519224cd98b69f830d37964bea2070","first_seen":"2023-06-14T19:15:49Z","last_seen":"2026-04-16T23:39:39.988425Z","times_seen":10467,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:25.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 653\r\ntraceparent: 00-f3b813a5fc012c2ba53a2c7218d15d6e-208feea049ef8a27-01\r\nlast-modified: Wed, 26 Jun 2024 08:18:02 GMT\r\netag: \"e6f0766cbd95db33da44e7a9140648f2\"\r\nexpires: Thu, 16 Jan 2025 10:46:36 GMT\r\ncache-control: max-age=3600\r\nx-time-ng: 0.000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 204\r\ncache: HIT\r\nx-cached-since: 2025-09-26T06:07:01+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":653,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"e6f0766cbd95db33da44e7a9140648f2","sha1":"5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf","sha256":"c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0","sha512":"249da39baba03408de98c7fa9a9342ef120436037ab6245b3b4a5f1a206291caaf67481c6ed67064544576697d41ab82499abffec998d837812292a050bf826a","ssdeep":"","tlshash":"90f083e032254a855c02ac7fc33414448fb226cc3682bb09e012887119d24a79dd1368","first_seen":"2023-04-05T22:56:35Z","last_seen":"2026-04-03T12:07:45.643999Z","times_seen":6597,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"v3.traincdn.com/main-static/6f67e0c5/desktop/default/vendors/plugins.vue-notification-9c2cf5c4.js","fqdn":"v3.traincdn.com","domain":"traincdn.com","tld":"com"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1xlite-93399.world/en/block","date":"2025-09-26T06:10:26.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.traincdn.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA","sha256":"25:0D:BA:0E:61:92:06:3D:A5:AC:35:E6:49:CB:32:10:0C:93:21:05:99:95:91:80:04:2F:A7:FF:E2:E7:5B:C4"}}},"request":{"raw":"GET /main-static/6f67e0c5/desktop/default/vendors/plugins.vue-notification-9c2cf5c4.js HTTP/1.1\r\nHost: v3.traincdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1xlite-93399.world/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 06:10:26 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ntraceparent: 00-a0bb3258d2aa276843ea334fc951e85f-b46bdbcda9a6720a-01\r\nlast-modified: Thu, 25 Sep 2025 12:04:03 GMT\r\netag: W/\"1ec400a7033dda7754ff43479ecb9bbb\"\r\nx-amz-meta-mtime: 1758801842.782222304\r\ncontent-encoding: gzip\r\nexpires: Fri, 26 Sep 2025 12:24:23 GMT\r\ncache-control: max-age=86400\r\nx-time-ng: 0.001\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\nx-id: osix-hw-edge-gc4\r\nage: 63761\r\ncache: HIT\r\nx-cached-since: 2025-09-25T12:27:45+00:00\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12563,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (12563), with no line terminators","md5":"1ec400a7033dda7754ff43479ecb9bbb","sha1":"e4359089c1819d6cf4dabfb1db69840d8f598425","sha256":"9e3a19d44f125ffd4130c4ff0faffe12bcff7663f11d14a369aa430820c2fe95","sha512":"a2b448083f1af675828a2e0d256b09ae555ad6caa47e6188d2dad4cee7d77787ce08cec5688bf6178f0804348a7c04295cdf51daaf98005c11a14f5ca916177c","ssdeep":"192:0U1hQXHv3CbfKpqEVwhSIkrReP+SdHtfGA2D3ow5EE9bJ52bFZLy2mp4ilVk:0n3CmpcDkAP+S/fGAWf5VbWbLy2mmijk","tlshash":"5d4296ceb2c2b4650be760b6402f110af136a96869ab54d4f3b1d4f2adb564c413bf39","first_seen":"2025-09-18T09:12:41.672202Z","last_seen":"2025-09-26T07:36:11.22234Z","times_seen":188,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}