Report - 1x-xredbet002400.top/registration/?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration/&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click

Report Overview

URL

1x-xredbet002400.top/registration/?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration/&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click_id=epllc63d2f879000d5f0a
IP

178.253.47.23

ASN

#0
Submitted

2023-01-26T22:03:13Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

2
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
radar.cedexis.com (1)	3035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374	19103	45.54.49.5
stats.g.doubleclick.net (1)	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	609	709	173.194.221.157
suphelper.com (1)	156440	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369	1478	104.16.43.72
1x-xredbet002400.top (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1076	1237	178.253.47.23
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2374	35.241.9.150
fonts.gstatic.com (6)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2917	98423	216.58.207.227
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	52.35.143.109
img-getpocket.cdn.mozilla.net (5)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2705	46267	34.120.237.76
www.google-analytics.com (1)	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374	20730	142.250.74.110
region1.google-analytics.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	871	564	216.239.32.36
www.google.com (1)	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390	1170	142.250.74.164
1xlite-615175.top (30)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	34957	275464	178.253.15.10
fonts.googleapis.com (1)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	548	2657	142.250.74.106
ocsp.pki.goog (9)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3087	6293	142.250.74.131
v3.traincdn.com (27)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11819	789890	8.254.252.213
www.googletagmanager.com (1)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387	45777	142.250.74.168
www.gstatic.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	445	164759	142.250.74.3
r3.o.lencr.org (9)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3042	7979	23.33.119.27
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5843	34.160.144.191
ocsp.sectigo.com (5)	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1700	4815	104.18.32.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-26T22:03:00Z	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-01-26T22:03:01Z	medium	Client IP	178.253.47.23	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (107)

URL IP Response Size

1x-xredbet002400.top/registration/?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration/&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click_id=epllc63d2f879000d5f0a

178.253.47.23

301 Moved Permanently

162

URL HTTP/1.1

1x-xredbet002400.top/registration/?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration/&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click_id=epllc63d2f879000d5f0a
IP

178.253.47.23:0
ASN

#0

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

                                        GET /registration/?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration/&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click_id=epllc63d2f879000d5f0a HTTP/1.1
Host: 1x-xredbet002400.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 26 Jan 2023 22:03:01 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://1x-xredbet002400.top/registration/?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration/&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click_id=epllc63d2f879000d5f0a

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5fe582397f3003b225cb9058e02c2190

68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f

238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19934
Expires: Fri, 27 Jan 2023 03:35:15 GMT
Date: Thu, 26 Jan 2023 22:03:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2405562765b49b2782ebd2e2994851d5

be7ac8e558f7875bb1fb86ab5ec674424a5ff269

422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10415
Expires: Fri, 27 Jan 2023 00:56:36 GMT
Date: Thu, 26 Jan 2023 22:03:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

69f73ac59327cd9ad7d99816ccfcc03e

c54844f82dbee0d5ee4c8ce344eb0139373e6c6b

e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12521
Expires: Fri, 27 Jan 2023 01:31:42 GMT
Date: Thu, 26 Jan 2023 22:03:01 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

bf0c602d32b3c14606f22a86183b5e3c

6eabd8d83475eba731968abe1a05a8bfd272f160

6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 21:35:16 GMT
content-type: application/json
age: 1665
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

7b922915ebf1fa3639b333f994c74f24

144a3f80b98fd0652d4614f24cf6cbbee40f8938

adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: X16nAmNSsFZvIQctvBnetoGRixjuDUO00JKLk6lz1nJVaqm+uqd0HSjBd/0ewtcpED/TZdI//6c=
x-amz-request-id: NSJZVN9YY0B8CJ9S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 21:49:09 GMT
age: 832
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:03:01 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a5d7b275f18c3485060462213a3a1424

72c3e88d3efb5f8efb8572596ab22450b9f60431

5bd6cf4b94f5d93d686ff8de14861a3dc2d0a2507b905ab6804b7f7e48fbb1bb

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5BD6CF4B94F5D93D686FF8DE14861A3DC2D0A2507B905AB6804B7F7E48FBB1BB"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11249
Expires: Fri, 27 Jan 2023 01:10:30 GMT
Date: Thu, 26 Jan 2023 22:03:01 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 21:41:40 GMT
age: 1281
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

1e2970e1480a4759282d63bb213051e4

ed5194d4d25dfc199821129be5d74be0ce49197d

18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18938
Expires: Fri, 27 Jan 2023 03:18:40 GMT
Date: Thu, 26 Jan 2023 22:03:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

15a3b3dc21b816b594b592346b831baf

e9bb4326c20e53d30c936147ab802b82d0699dcb

323c1a7d3ce85540163d28922cefb2512db1c81b572de430daf13ecf887d4774

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "323C1A7D3CE85540163D28922CEFB2512DB1C81B572DE430DAF13ECF887D4774"
Last-Modified: Thu, 26 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9247
Expires: Fri, 27 Jan 2023 00:37:09 GMT
Date: Thu, 26 Jan 2023 22:03:02 GMT
Connection: keep-alive

push.services.mozilla.com/

52.35.143.109

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

52.35.143.109:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rvxz2zuIE/L1Aspj20P7DQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8SEw8IEvMqhgY/TgqgkmZLxCLNw=

1xlite-615175.top/genfiles/cms/pg/285/css/value/1be89d6b98cd71a7ba406826eb87f6c7.css

178.253.15.10

200 OK

6309

URL HTTP/2

1xlite-615175.top/genfiles/cms/pg/285/css/value/1be89d6b98cd71a7ba406826eb87f6c7.css
IP

178.253.15.10:0
ASN

#0

Magic

ASCII text, with very long lines (34410), with no line terminators

Size

6309
Hash

e01441ee6f41041ff028cacd4a391ded

4626b275b8624c8d3529191ff907e85ff4e54291

262b2c5f47f770b70758c73d2f6d0a5f8c1faa9a8c6e0a46f86c4ff27779c10e

HTTP Headers

                                        GET /genfiles/cms/pg/285/css/value/1be89d6b98cd71a7ba406826eb87f6c7.css HTTP/1.1
Host: 1xlite-615175.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/en/registration?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration%2F&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click_id=epllc63d2f879000d5f0a
Cookie: platform_type=desktop; auid=sv0PCmPS+JYUGobaA3I1Ag==; SESSION=3dc06755f5cffeadb5dd8a2981480335; lng=en; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_786679m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_786679m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_786679m_1599c_%22%2C%22site%22%3A%22786679%22%2C%22ad%22%3A%221599%22%2C%22r%22%3A%22registration%2F%22%2C%22pb%22%3A%22883e8b8ae12b41f9b9ffc473f4a9ab84%22%2C%22click_id%22%3A%22epllc63d2f879000d5f0a%22%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 26 Jan 2023 08:39:48 GMT
x-rgw-object-type: Normal
etag: W/"efec70b87f5cef37b08255376581daea"
content-encoding: br
expires: Thu, 26 Jan 2023 23:03:03 GMT
cache-control: max-age=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Righteous&family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,500;0,700;1,300;1,400;1,500;1,700;1,900&display=swap

142.250.74.106

200 OK

1911

URL HTTP/2

fonts.googleapis.com/css2?family=Righteous&family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,500;0,700;1,300;1,400;1,500;1,700;1,900&display=swap
IP

142.250.74.106:0
ASN

#15169 GOOGLE

Magic

data

Size

1911
Hash

11f42b8816a5fc451bdebbc3ac3fa9af

1eeeb5c9731757c9fc41e5a21f6acb13217b9993

38bfa929457e7c3e97d1f3f667251347d399d4beb7e5260968934a5d3251abd5

HTTP Headers

                                        GET /css2?family=Righteous&family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,500;0,700;1,300;1,400;1,500;1,700;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 26 Jan 2023 22:03:03 GMT
date: Thu, 26 Jan 2023 22:03:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

471
Hash

99ac9c3cc4db78c43f62ab2f9acf54b5

a84170e0a3fc4ecccdfe30656b2e54cd190a091c

a2cfde65bc4200228c8fd575807531fd5f8a0997015d9ff9382cf9fdc3aaca7a

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 22:03:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 03:03:03 GMT
Expires: Thu, 02 Feb 2023 03:03:02 GMT
Etag: "a84170e0a3fc4ecccdfe30656b2e54cd190a091c"
Cache-Control: max-age=535798,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fc89515cd3b509-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

471
Hash

99ac9c3cc4db78c43f62ab2f9acf54b5

a84170e0a3fc4ecccdfe30656b2e54cd190a091c

a2cfde65bc4200228c8fd575807531fd5f8a0997015d9ff9382cf9fdc3aaca7a

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 22:03:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 03:03:03 GMT
Expires: Thu, 02 Feb 2023 03:03:02 GMT
Etag: "a84170e0a3fc4ecccdfe30656b2e54cd190a091c"
Cache-Control: max-age=535798,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fc89515ee20b39-OSL

v3.traincdn.com/_nuxt/desktop/default/commons/app-b5a011d3.modern.js

8.254.252.213

200 OK

86141

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/commons/app-b5a011d3.modern.js
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

ASCII text, with very long lines (65476)

Size

86141
Hash

1c71b602675d672df28ad37adcde5a1b

245844b5b6273f8354bd65d691e757848ce1e04e

73202f79f236a5a8afb78a395b48a66ebc059285de6e986ebec5666ef15c4bb3

HTTP Headers

                                        GET /_nuxt/desktop/default/commons/app-b5a011d3.modern.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 86141
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-1507d"
expires: Fri, 27 Jan 2023 08:44:04 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 47957
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Registration-fe2b480a.modern.js

8.254.252.213

200 OK

1155

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/Page.Registration-fe2b480a.modern.js
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

ASCII text, with very long lines (3016), with no line terminators

Size

1155
Hash

1dc8443c9f77be4f3cee5177cece3fe7

e5f11639e6b94c48592114d9769b0ff6b1a2f941

504e846a75ab386fdba28aa17cc3f40a6be3031ee0fa5e78b5b64ef0b5917740

HTTP Headers

                                        GET /_nuxt/desktop/default/Page.Registration-fe2b480a.modern.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 1155
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-483"
expires: Fri, 27 Jan 2023 08:44:10 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 47933
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/447d11ab.css

8.254.252.213

200 OK

2190

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/css/447d11ab.css
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

ASCII text, with very long lines (15795), with no line terminators

Size

2190
Hash

4903ac8e8dc6a97e695f35a12b1fded1

838e15675244952d39e39447fe2b8f19b699a9bf

80f5a4f5b33cf232094842c11e6a3727beca1c45dd63d6d9d37ea65f1f9f2f65

HTTP Headers

                                        GET /_nuxt/desktop/default/css/447d11ab.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: text/css
content-length: 2190
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-88e"
expires: Fri, 27 Jan 2023 08:44:26 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 47957
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Block/Page.Maintenance/Page.Registration/Page.SiteUpdates-3ab78631.modern.js

8.254.252.213

200 OK

73993

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Block/Page.Maintenance/Page.Registration/Page.SiteUpdates-3ab78631.modern.js
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

73993
Hash

4d42d9dcc02c2a80c8775ce21a85a7eb

2e27a57b6507f600749eb672f576a6ed6fbf8630

af15af4534f1286b3ffff49bd2a5f58e18d29ae3f9c79a9c4d69340204f99f0c

HTTP Headers

                                        GET /_nuxt/desktop/default/vendors/Page.Block/Page.Maintenance/Page.Registration/Page.SiteUpdates-3ab78631.modern.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 73993
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-12109"
expires: Fri, 27 Jan 2023 08:44:44 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 47947
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/pg/285/images/e2e1a81329ec0acf4e446b6fc70e4cf1.svg

8.254.252.213

200 OK

698

URL HTTP/2

v3.traincdn.com/genfiles/cms/pg/285/images/e2e1a81329ec0acf4e446b6fc70e4cf1.svg
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1224), with no line terminators

Size

698
Hash

baf96800254904a05eee2ff49c94a801

847efb3449a8d7857f004192310aa2164a71d530

0ba137aa5f655e712ac40a592f366d1bd3b53b0a6b71c2cff4e7e0090f440335

HTTP Headers

                                        GET /genfiles/cms/pg/285/images/e2e1a81329ec0acf4e446b6fc70e4cf1.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: image/svg+xml
content-length: 698
cache-control: public, max-age=120, s-maxage=600
content-encoding: gzip
etag: W/"7cca3986f7a5c4c164144ff11df71073"
expires: Fri, 27 Jan 2023 03:09:05 GMT
last-modified: Thu, 13 Jan 2022 14:28:56 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-rgw-object-type: Normal
age: 68039
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.Information/Page.Betting.Main/Page.Bonus/Page.Cyber.Calendar/Page.DesktopApps/Page.Game.Proje/eb0fc106-1fc3d163.modern.js

8.254.252.213

200 OK

2525

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/Layout.Information/Page.Betting.Main/Page.Bonus/Page.Cyber.Calendar/Page.DesktopApps/Page.Game.Proje/eb0fc106-1fc3d163.modern.js
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

ASCII text, with very long lines (8713), with no line terminators

Size

2525
Hash

63adde5eb5604e57bac0ee72ff80ef4d

906f7ee7ced028371e2df8c41b6127e72ebde5de

fba79bd2a38db39b3f8992bb12f6d0c3461c194e71965bff37f6514b1ef39a72

HTTP Headers

                                        GET /_nuxt/desktop/default/Layout.Information/Page.Betting.Main/Page.Bonus/Page.Cyber.Calendar/Page.DesktopApps/Page.Game.Proje/eb0fc106-1fc3d163.modern.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 2525
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-9dd"
expires: Fri, 27 Jan 2023 08:44:04 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 47959
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/047e1132.css

8.254.252.213

200 OK

632

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/css/047e1132.css
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

ASCII text, with very long lines (2717), with no line terminators

Size

632
Hash

30ddc45c0a82175a7104ebff080e0d37

60f67df6cea1a428eb7de52880777d1d145bc97b

eb0cf5cec9e9b4427f09d5e66eb0b286c4be120626d469ad5ff931483c29e2b2

HTTP Headers

                                        GET /_nuxt/desktop/default/css/047e1132.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: text/css
content-length: 632
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-278"
expires: Fri, 27 Jan 2023 15:38:38 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 23065
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-f4200ce4.modern.js

8.254.252.213

200 OK

186979

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/app-f4200ce4.modern.js
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

Unicode text, UTF-8 text, with very long lines (65535), with no line terminators

Size

186979
Hash

7ca50f4901e8bd7c9557a5f1c80fbec0

92f484c49ed59b1f2cc3b7b577e7f56e57de3c6f

a440188785e60d692889509b51c687c0df97faa9be54fe20aeffbb006f645892

HTTP Headers

                                        GET /_nuxt/desktop/default/app-f4200ce4.modern.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 186979
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-2da63"
expires: Fri, 27 Jan 2023 08:44:06 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 47958
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a895c423.css

8.254.252.213

200 OK

13325

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/css/a895c423.css
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

13325
Hash

da04be410ea27922926bff63a07d6dd3

808a9d8c5f86a21c5cd89ffaee951ab25c2a0507

31ebbfcb8bda6274f09c55c7f33ca1394e936ee5022b8378bb745c23b8dfc8fe

HTTP Headers

                                        GET /_nuxt/desktop/default/css/a895c423.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: text/css
content-length: 13325
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-340d"
expires: Fri, 27 Jan 2023 08:44:04 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 47958
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-481b2231.modern.js

8.254.252.213

200 OK

218087

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-481b2231.modern.js
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

Unicode text, UTF-8 text, with very long lines (65396)

Size

218087
Hash

dba60feb99ac1c5c6c3dae961582b486

07aa043409f5840cde88bd56707e6ff4bfa2ca4e

6755192b57a49f7f75d3565909b78afd4833912d6651f7d077f20e8febe3f1ba

HTTP Headers

                                        GET /_nuxt/desktop/default/vendors/app-481b2231.modern.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 218087
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-353e7"
expires: Fri, 27 Jan 2023 08:44:04 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 47957
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

471
Hash

99ac9c3cc4db78c43f62ab2f9acf54b5

a84170e0a3fc4ecccdfe30656b2e54cd190a091c

a2cfde65bc4200228c8fd575807531fd5f8a0997015d9ff9382cf9fdc3aaca7a

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 22:03:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 03:03:03 GMT
Expires: Thu, 02 Feb 2023 03:03:02 GMT
Etag: "a84170e0a3fc4ecccdfe30656b2e54cd190a091c"
Cache-Control: max-age=535798,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fc895159dab521-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

471
Hash

99ac9c3cc4db78c43f62ab2f9acf54b5

a84170e0a3fc4ecccdfe30656b2e54cd190a091c

a2cfde65bc4200228c8fd575807531fd5f8a0997015d9ff9382cf9fdc3aaca7a

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 22:03:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 03:03:03 GMT
Expires: Thu, 02 Feb 2023 03:03:02 GMT
Etag: "a84170e0a3fc4ecccdfe30656b2e54cd190a091c"
Cache-Control: max-age=535798,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fc89515bd9b50f-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

471
Hash

99ac9c3cc4db78c43f62ab2f9acf54b5

a84170e0a3fc4ecccdfe30656b2e54cd190a091c

a2cfde65bc4200228c8fd575807531fd5f8a0997015d9ff9382cf9fdc3aaca7a

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 22:03:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 03:03:03 GMT
Expires: Thu, 02 Feb 2023 03:03:02 GMT
Etag: "a84170e0a3fc4ecccdfe30656b2e54cd190a091c"
Cache-Control: max-age=535798,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fc89515c71b51b-OSL

v3.traincdn.com/_nuxt/desktop/default/css/bf967876.css

8.254.252.213

200 OK

39797

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/css/bf967876.css
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

39797
Hash

9b85e47b640baa9eb4dbb41915d1f9a3

034b606abd1d6f6a27e7f37d89c42e0407914bca

98a87b9557d4e0da4efe55e0cdcf7005375709bcf4c42bbf55ff4a63e69e97b0

HTTP Headers

                                        GET /_nuxt/desktop/default/css/bf967876.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: text/css
content-length: 39797
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-9b75"
expires: Fri, 27 Jan 2023 13:41:05 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 30118
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-615175.top/en/registration?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration%2F&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click_id=epllc63d2f879000d5f0a

178.253.15.10

200 OK

151928

URL HTTP/2

1xlite-615175.top/en/registration?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration%2F&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click_id=epllc63d2f879000d5f0a
IP

178.253.15.10:0
ASN

#0

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (42472)

Size

151928
Hash

e63ea8f47a71e410379a510ef31e61ab

b116ee43b50bc9df9cf4ad21e9da72930b8fa545

0682238ce77c74c59666b2f2e48382a977a25ea74e580b323794dc6fe14f2446

HTTP Headers

                                        GET /en/registration?tag=d_786679m_1599c_&site=786679&ad=1599&r=registration%2F&pb=883e8b8ae12b41f9b9ffc473f4a9ab84&click_id=epllc63d2f879000d5f0a HTTP/1.1
Host: 1xlite-615175.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: platform_type=desktop; auid=sv0PCmPS+JYUGobaA3I1Ag==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 22:03:02 GMT
content-type: text/html; charset=utf-8
accept-ranges: none
content-encoding: gzip
server-timing: total;dur=533;desc="Nuxt Server Time", dt_285;dur=550
set-cookie: SESSION=3dc06755f5cffeadb5dd8a2981480335; Path=/; HttpOnly; Secure; SameSite=Lax
lng=en; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_786679m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Mon, 27 Mar 2023 22:03:02 GMT
reflinkid=d_786679m_1599c_; Path=/; Expires=Thu, 26 Jan 2023 23:03:02 GMT
postback_watcher=%7B%22tag%22%3A%22d_786679m_1599c_%22%2C%22site%22%3A%22786679%22%2C%22ad%22%3A%221599%22%2C%22r%22%3A%22registration%2F%22%2C%22pb%22%3A%22883e8b8ae12b41f9b9ffc473f4a9ab84%22%2C%22click_id%22%3A%22epllc63d2f879000d5f0a%22%7D; Path=/; Expires=Sat, 25 Feb 2023 22:03:02 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-be8485bd.modern.js

8.254.252.213

200 OK

12819

URL HTTP/2

v3.traincdn.com/_nuxt/desktop/default/runtime-be8485bd.modern.js
IP

8.254.252.213:0
ASN

#3356 LEVEL3

Magic

ASCII text, with very long lines (40212), with no line terminators

Size

12819
Hash

ff30e579fa9b9d9600de2ab7cc241db8

10eb340855f1a9300628818c8d4091e0ff3e3961

50ea264262a96f1a9b4f6436199ca51c32501c2aa53c382d3c286df3b7388925

HTTP Headers

                                        GET /_nuxt/desktop/default/runtime-be8485bd.modern.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1xlite-615175.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Thu, 26 Jan 2023 22:03:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 12819
cache-control: max-age=86400
content-encoding: gzip
etag: "63d237a2-3213"
expires: Fri, 27 Jan 2023 08:44:04 GMT
last-modified: Thu, 26 Jan 2023 08:19:46 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 47958
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d9bf2793558044193d7e5d27708a9144

5a8f73462cfda6544cc3efe488854c3cd80bb0a7

e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 22:03:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2e21811f62c077f45a93d7c3b543998d

3e890a73bb51d9dd1021d5339271aa40833ba258

c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9012
Expires: Fri, 27 Jan 2023 00:33:15 GMT
Date: Thu, 26 Jan 2023 22:03:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2e21811f62c077f45a93d7c3b543998d

3e890a73bb51d9dd1021d5339271aa40833ba258

c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9012
Expires: Fri, 27 Jan 2023 00:33:15 GMT
Date: Thu, 26 Jan 2023 22:03:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2e21811f62c077f45a93d7c3b543998d

3e890a73bb51d9dd1021d5339271aa40833ba258

c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9012
Expires: Fri, 27 Jan 2023 00:33:15 GMT
Date: Thu, 26 Jan 2023 22:03:03 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (52)

#1 JS:Script (size: 41845)

#2 JS:Script (size: 1390602)

#3 JS:Script (size: 253698)

#4 JS:Script (size: 9012)

#5 JS:Script (size: 2509)

#6 JS:Script (size: 113337)

#7 JS:Script (size: 167532)

#8 JS:Script (size: 188413)

#9 JS:Script (size: 8713)

#10 JS:Script (size: 2497)

#11 JS:Script (size: 24849)

#12 JS:Script (size: 410520)

#13 JS:Script (size: 3016)

#14 JS:Script (size: 25593)

#15 JS:Script (size: 44892)

#16 JS:Script (size: 50234)

#17 JS:Script (size: 59955)

#18 JS:Script (size: 779)

#19 JS:Script (size: 795)

#20 JS:Script (size: 76412)

#21 JS:Script (size: 228956)

#22 JS:Script (size: 169647)

#23 JS:Script (size: 57755)

#24 JS:Script (size: 779461)

#25 JS:Script (size: 0)

#26 JS:Script (size: 13485)

#27 JS:Script (size: 20767)

#28 JS:Script (size: 36051)

#29 JS:Script (size: 178)

#30 JS:Script (size: 203)

#31 JS:Script (size: 852)

#32 JS:Script (size: 69)

#33 JS:Script (size: 40212)

#34 JS:Script (size: 24831)

#35 JS:Script (size: 18679)

#36 JS:Script (size: 441)

#37 JS:Script (size: 214019)

#38 JS:Script (size: 199966)

#39 JS:Script (size: 12527)

#40 JS:Script (size: 115773)

#41 JS:Script (size: 10846)

#1 JS:Eval (size: 62)

#2 JS:Eval (size: 22)

#3 JS:Eval (size: 15616)

#4 JS:Eval (size: 22)

#5 JS:Eval (size: 15608)

#6 JS:Eval (size: 22)

#7 JS:Eval (size: 22)

#8 JS:Eval (size: 17611)

#9 JS:Eval (size: 62)

#10 JS:Eval (size: 15649)

#11 JS:Eval (size: 16218)

HTTP Transactions (107)

URL HTTP/1.1

IP

ASN