| 1xlite-461430.top/polyfills.js | 178.253.29.51 | 200 OK | 0 B |
URL: GET HTTP/2 1xlite-461430.top/polyfills.js
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css | 185.244.209.62 | | 3.2 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (31339), with no line terminators
Hash: 9e9b190c1ab8126c2576203d5d43ec63 a80ccb6739023605edbd86be13f38a58ff7f4906 c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02
GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css
content-length: 3226
last-modified: Mon, 06 May 2024 07:48:14 GMT
etag: "66388b3e-c9a"
content-encoding: gzip
expires: Tue, 07 May 2024 09:58:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-df51af98df35f2f138882b9b44ce69ef-48d43a7b8ee8d98b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T09:58:00+00:00, 2024-05-06T10:39:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css | 185.244.209.62 | | 4.0 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (32277), with no line terminators
Hash: eeaf257a8645b90669a2ea93b8fb534e d81289258b7a5c126dd860232760852cc8ad865e 3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6
GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css
content-length: 3964
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-f7c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:54:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fec815007b529c239e59ccb2ad2a9690-67a27feeddfee2bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:54:58+00:00, 2024-05-06T13:53:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css | 185.244.209.62 | 200 OK | 1.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (4632), with no line terminators
Hash: f74d8b7e31b6ab236a9577348874385d 87091e6542649037a05fc137fa449b713c85225d b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8
GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css
content-length: 1113
last-modified: Thu, 02 May 2024 12:52:18 GMT
etag: "66338c82-459"
content-encoding: gzip
expires: Sat, 04 May 2024 06:45:29 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-24c7c17dc089849fd1e181a1d913f0ad-76b73491784dac7d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T06:45:29+00:00, 2024-05-06T08:35:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js | 185.244.209.62 | | 267 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size: 267 kB (267237 bytes)
Hash: 1992415420cd9d59941e07133aa0c521 308a748fa982a440a112cb9e449f25a23bd6d83e 94a8f060251c7e705ee8c823783cb067e2844edb0f3900b6b0e91948d92ce907
GET /_nuxt/desktop/default/vendors/app-d26cc899.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 267237
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-413e5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-01f44ffa59a575fc486139214b45d46c-f5caf43a551163c6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-06T14:47:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js | 185.244.209.62 | | 2.5 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (8663), with no line terminators
Hash: a5db05d47f7f37c06acc29a0f4eeb447 b9ddddb586721548eaa4a62d7ae420bfcfc5bddb 4053d0ffbd3af6bc022131a3f123bd4e88825f1b5f06a74dd2072a2b0fe3f243
GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 2475
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-9ab"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-913b6f41c2c935d5cf2365995fc9dbaa-c3098e29468b832f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-06T14:47:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js | 185.244.209.62 | | 7.8 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (28142), with no line terminators
Hash: 9167c6082d419d35f57a606871184d06 d4c4fac03b353c5881c352d6ac0c05947dc2e633 bed35ed9386f6d0d6f3096d00c7d14e042c5cb404f07ef0bb9abb4cc381e89c3
GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 7775
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1e5f"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-172dc24e1cbaef918221babb30ceb516-394f7f6a76f12fda-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-06T14:47:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js | 185.244.209.62 | | 8.3 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Hash: 93a3cdd4ea0ae5eb295e71988355c5d4 0c9e334aebd99fb9c44575c99abda82d0b53acb1 104a5a19f0a8b4d443e55c32daf49eea2343ee96da27b48c21f09e1425081d62
GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 8283
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-205b"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5693dd3b9a7345bade3558c9946f5afb-c923643d70eb7b01-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-06T14:47:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js | 185.244.209.62 | | 6.3 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (20014), with no line terminators
Hash: adc7f8e289bd475a5a922c91b93591b2 540252cd02880714746d3656e61c67e7acab7fda 3b542ce26d333f558f94adb8cac49e58be95a5470eb3079d1dc0b2b7a7c97b6b
GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 6258
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-1872"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-090892cdd4d15361af62aaeeeb58011b-deaa7040d4d85166-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-06T14:47:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css | 185.244.209.62 | | 46 B |
URL: v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with no line terminators
Hash: f506188b04c16eaa9c664ed23f7ce58e 08d068d7fa5a84beb06ba924a35d84d6bfdab30a b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9
GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-564ef5c4c93d3325381c45e85f4f2b42-0ff63fd7c71a919e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-07T03:54:27+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css | 185.244.209.62 | 200 OK | 14 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: ac3b78bdd1c881f78913b967fd22a91f 15295665baa2ccaf71e8a093f333d087621a17ee ee4c84a2fe257a888fcec5809b67b563aba3a4c52f102154ffa19a685434d835
GET /_nuxt/desktop/default/css/035c0001.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css
content-length: 13859
last-modified: Mon, 06 May 2024 07:48:14 GMT
etag: "66388b3e-3623"
content-encoding: gzip
expires: Tue, 07 May 2024 09:00:57 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-477e85c49b8e588fc64c83b30312c5fe-e575eb84eea4c79e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T09:00:57+00:00, 2024-05-06T09:01:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js | 185.244.209.62 | | 225 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size: 225 kB (224914 bytes)
Hash: c4d75347728629ec3f0b90dc82f0a3d2 ff949fe02da04d39be746f8d091a1a7b30126f7a 8ca2bd3ad104c33fb6189e87cab8992734ca6bf99a631ed413f63444b834d33b
GET /_nuxt/desktop/default/app-1483c42a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 224914
last-modified: Mon, 06 May 2024 07:48:14 GMT
etag: "66388b3e-36e92"
content-encoding: gzip
expires: Tue, 07 May 2024 09:00:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2b5b510296c1f975b601e2db952c2490-51c7e404f6a144b4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T09:00:58+00:00, 2024-05-06T09:01:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js | 185.244.209.62 | | 47 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (65476)
Hash: 03b89bdb4f6013159d40de88c98403b6 cf41351caa86d91b56cf839d54ab28bf8f4f54f8 42d02ce0b520e2d8ce7341a0b07d92cd3833d762337b1f8aabc6f7f23e6fad4a
GET /_nuxt/desktop/default/commons/app-2e30fd7d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 46801
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-b6d1"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-78a2faa09988eb5d8da8e717f6414db9-f66df26b62acd0d3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-06T14:47:23+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css | 185.244.209.62 | | 2.3 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (9958), with no line terminators
Hash: 76a1e3dd8e25bf9a48bdd896de779d20 38c3643e25808d1f3ab167273201eac8c113c088 aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273
GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css
content-length: 2277
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-8e5"
content-encoding: gzip
expires: Tue, 07 May 2024 11:27:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-07d1b5e83847c76a23aaae0c0eeb0d9b-15ea05fe1cf936d7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:27:59+00:00, 2024-05-06T12:06:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js | 185.244.209.62 | 200 OK | 15 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (47215), with no line terminators
Hash: ef9def5f3c8a190bfffb14ce24c6eb58 c5fa568c8f9bee2aa988c80a7246e07edd8d84ba d5d3ad6908352036bda426fe1fdc6f1dc03ac13a7029bbf25fa50580abd9064f
GET /_nuxt/desktop/default/runtime-baf5b66c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 14752
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-39a0"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4d8af36a13060d5ec8e5c1d10503ae67-492b87f2344da736-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:45+00:00, 2024-05-06T10:56:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/version.json | 185.244.209.62 | | 44 B |
URL: v3.traincdn.com/version.json
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Hash: 265e4e9c948f929631d7e9bcf0d19d5b c70f40cde4e09003b980fdae5130f3695de16add 62ec6fa5c15470b882bd7e05f5651b0a265a0cb2857cffa5cbfa34b3d2cf42ba
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: application/json
content-length: 44
last-modified: Mon, 06 May 2024 10:24:15 GMT
etag: "6638afcf-2c"
content-encoding: gzip
expires: Mon, 06 May 2024 10:50:26 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1543eae6027eba691cdd75168644d079-042f92bd3b07a6dc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:49:26+00:00, 2024-05-07T04:19:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash: 6887b6f24414dbc612dbf42ccdc76b70 8068d3abfbc6cbf35b55919da45b1f4d2d136238 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-de785da1874f5691bc0d18eb2ba42be3-8a5d2eab9de4f42e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T04:00:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 | 185.244.209.62 | | 65 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Hash: 3ac5d40d1b3966fc5eb09ecca74d9cbf a69f32357765dd321519889aeacba5e9ca893bb0 3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-87397faf797a4c890298c93791937e7f-a381d935e42b7fb5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T03:36:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 | 185.244.209.62 | | 64 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash: a65527fcb58f66a7cfbc0e6b160538b4 45d260e7fa343401b5bb0df982a014f53e2d253b fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-159ba916196ded16fbfe4491567bde73-a1be351bba8691e2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T03:27:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/check-ob.js | 185.244.209.62 | | 187 B |
URL: v3.traincdn.com/_nuxt/check-ob.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text
Hash: ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616
GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Thu, 02 May 2024 12:51:43 GMT
etag: "66338c5f-bb"
content-encoding: gzip
expires: Sat, 04 May 2024 12:55:05 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-32ce9d52bb03fae0e922e6ccc9ea63aa-811569a655c2f079-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T12:55:05+00:00, 2024-05-06T11:36:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png | 185.244.209.62 | | 653 B |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash: e6f0766cbd95db33da44e7a9140648f2 5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0
GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:12:59+00:00
traceparent: 00-e1c993fe58126b18eb5999b568a43775-1e0457c845455f70-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js | 185.244.209.62 | 200 OK | 22 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65476)
Hash: 45f90516ee8a557d78c08e1e925c1490 adc0363ed75f47f9513a36a94173c6e4940a2adc f5b8b3c4e62dbb4ebc5fd634f5bb17b3145a14c21bdc3e9c0a4dcb45b9e573fe
GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 21889
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5581"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dc1b12b11f0b37d818ae04a2ee6c050d-5ea8f10ccf3042ad-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-06T14:47:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js | 185.244.209.62 | | 4.6 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Hash: 805e7c2cd861f2191db66c39ab28e86b a6353246547e9a9fd01093fcb784d708d187e3ef 82686dab55962ead6916346bd901b3fc03357bb2a0e74dfe966ff784d75b2368
GET /_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-11cc"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-85fa5aec612ef29d7dc84109df5adf43-1731f7fb9ec9a142-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-06T14:47:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css | 185.244.209.62 | | 953 B |
URL: v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (3352), with no line terminators
Hash: 748da80084597d87b4ff5e98b017b07b db6ad2ec24bfcbe751a23061d935403e1163f471 4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24
GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: text/css
content-length: 953
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3b9"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:11 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-307fb9e8e978c0857a91afd4def0cab6-f743759a95c9aa0f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:10+00:00, 2024-05-06T15:18:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js | 185.244.209.62 | | 8.1 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Hash: ead4a901af60e4b8138e732f0aea9637 7c1d57d444a07553738ddcb8b6a2bee305a0c215 e6bc116e4cb54d011d2a1fa1f87ab12d1f320aa8dc54c89b1f286f2b02ee14c0
GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1f77"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-33c02d7ca3eac36da16e6329a8c2cee3-c5dce20424b063a4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-06T14:47:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js | 185.244.209.62 | | 2.1 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Hash: 91d17dbf833b48149a8b5d2f21895879 bd71a45fa4419ab4ddbc676f0a9cca2be05e1703 f085ff2e310ab82817411e3ed64d0902de49e149d0958cadb91d518ed5854335
GET /_nuxt/desktop/default/date-fns-locale-21-290f49eb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 2120
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-848"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b87109f1f67a6caa08173b86046ff765-52a5c702e41b23d2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:15+00:00, 2024-05-06T16:05:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js | 185.244.209.62 | | 999 B |
URL: v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Hash: b44bc16cd2630bfada5ec9cbdbfcafab 43918946155d48f6cc8ecba42e2cf2cab28debd7 189ec6fd8e44cc47498706a2d2c815da1dc255040ef5ef57f5faa7c10c05ae42
GET /_nuxt/desktop/default/DC-7e6a4aad.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3e7"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-26717500e47a9b4c6453c10b546723fd-62901f5cb8fbf882-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:01+00:00, 2024-05-06T14:47:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 | 178.253.29.51 | | 141 B |
URL: 1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: bd9be2fa89d26e9e6f1b2e08ffcd0ed6 90eae25ee792254c7ca97e98c5782078f9bdc37f c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 1557
x-request-id: 529f3bb0a07cd28319272b830e74411c
x-request-guid: 529f3bb0a07cd28319272b830e74411c
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.5809535980225, wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json | 178.253.29.51 | 200 OK | 523 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: eec4805fe0f6e17d5ade92a382f5b068 ca6a26fe8ea31e66c0bef88c4e7f489dce9f9a4b b50904054641c30b6b4ee7ed4290b52022825f2e9e9e3a4a060b8ecddf28c898
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL: POST HTTP/2 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: be049a08df34196643ed3aa13d40c8a7 225a88d6e569dc7cbfcdcf4a9a4887b3a148ecc1 fd9cd2eb0af37156e974cee8b91baee216aad2224a0cf353184eb53debb9d12b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Content-Type: application/json
X-Lang: en
X-Uuid: 56b307d1-f94a-46b4-83f0-3db5f9fd5136
Content-Length: 79
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js | 185.244.209.62 | | 1.6 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (2425), with no line terminators
Hash: 3a0e4a54185bcc66d2e032dd30a385eb 627755ca54def0761f25f827d5b4cb483e1ca83d e0bc5ffed1e6fd6285fea94e991fa8ec48a5f17677519c766d7ee7e757a02239
GET /_nuxt/desktop/default/Betting.Core-d4a24bae.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 1577
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-629"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b5ba3a2bf8b49455e79820fded043098-32186d0027d41464-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:52+00:00, 2024-05-06T10:58:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js | 185.244.209.62 | | 1.5 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Hash: 0cc9277dab4117c9b162cc01e1f0b97f 5b7d9007e2d99d3715c5f226aadf44aa4da4332b 6d7637a83c7812813039573e9c67efbb30e4021a971c546621a397eb72ea4bd0
GET /_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Thu, 02 May 2024 12:52:18 GMT
etag: "66338c82-5ab"
content-encoding: gzip
expires: Sat, 04 May 2024 08:41:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a8b9b76dbdf705db3a70c307225d1fdb-2088259ef3416798-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T08:41:49+00:00, 2024-05-06T09:22:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css | 185.244.209.62 | | 459 B |
URL: v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (1526), with no line terminators
Hash: 97fdf5b6e7dfddf6ab251e984133b2c3 bb552fe685c52c34e0ed91e4dfaa9df2675ad086 92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3
GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: text/css
content-length: 459
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cb"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:30 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-28650346324685a7c4568cd710668976-cfcf040a291687cc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:30+00:00, 2024-05-06T15:37:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js | 185.244.209.62 | | 17 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Hash: 45302df89a240c65824afccc0240c030 84573118a402aa9a4ee0321ccf3f914c438a8369 25b695450684f580508f24855ea2d181ecd499e26573010621dd4a2ddc5af16a
GET /_nuxt/desktop/default/vendors/betting.media-233f5bf5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 16831
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-41bf"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b1ea6ba4a713604b0a220569618236ef-fd21a867c7f8ef9f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-06T15:01:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css | 185.244.209.62 | | 1.5 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: ASCII text, with very long lines (7000), with no line terminators
Hash: f379bc6f4b94f34d96f6fe51159bee63 f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60 b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11
GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: text/css
content-length: 1486
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5ce"
content-encoding: gzip
expires: Tue, 07 May 2024 14:34:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1bffa12044981dc5f5d162c0fb6f3361-5a5106120bdff5fc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:34:32+00:00, 2024-05-06T17:08:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js | 185.244.209.62 | | 4.7 kB |
URL: v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Hash: fda91a0dd5e8251a0c4c540d7e54ed52 3c4a6e38286708cd62ff071ccf97e73f37200728 b3c3c2ee09cf4af0164878165cd9971fbfe83a461c18ad0ef7cfc33b36b782ef
GET /_nuxt/desktop/default/betting.media-64ed71be.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 4726
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1276"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5ccc8fc65f533d630a6a67b92669082d-771b03336782a16c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-06T15:01:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 | 178.253.29.51 | | 176 B |
URL: 1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: ac86deb03def477abf768a8455c8aa90 87bbc45a47946c01a6f494da652c5b1940e4a62c 6a19047f1e73a26daaac3ec171356c005d39984c931de6c0c0b4184ade05c55b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/json; charset=utf-8
content-length: 176
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en | 178.253.29.51 | | 2 B |
URL 1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashd751713988987e9331980363e24189ce 97d170e1550eee4afc0af065b78cda302a97674c 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=12.35, dt_total;dur=13.434, wf-uht;dur=0.022
traceparent: 00-f13b01bfce84d714f15e4ad815990c75-b269175e976a14db-01
x-dt: 285
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/session-api/sessions/user | 178.253.29.51 | | 16 B |
URL 1xlite-461430.top/session-api/sessions/user IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash646b2e82b65602d35f7aa6283c387e3a b163a70c5df8e4b0861a23a04f8a6f78393747f4 b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.4331340789795, wf-uht;dur=0.025
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg | 178.253.29.51 | | 263 B |
URL 1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeSVG Scalable Vector Graphics image Hash28e2c161800b61b985a163f5c492ae51 8845ea940210b4ccb195cca855a598e6aaa58ed0 77c93c24e4eb0f8815a7526d405818c9a38ba6e4317f1fee588fffbc00cb17de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg | 178.253.29.51 | | 296 B |
URL 1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeSVG Scalable Vector Graphics image Hashb1bf63d00887bb0354e9d89c7d790a01 2d64ab25c9afff682abd6732f62ba62a197e972b a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg | 178.253.29.51 | | 506 B |
URL 1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeSVG Scalable Vector Graphics image Hash9c340eae608db0c25657b4a73d769afe 988fbf333a2e9290211cd9e6b7c98c59719012b0 b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/checker/redirect/stat/run/ | 178.253.29.51 | | 14 B |
URL 1xlite-461430.top/checker/redirect/stat/run/ IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash2de0d0acfd684235f066bd0ec0c9e3df 68d0cb64805a42d7e40f43e8e198986b43dd6b69 9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO | 178.253.29.51 | | 73 kB |
URL 1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash811c0d7d5d727f9896e7f12189316867 0695e037463a9acefb1d452c48c7937002cd5d25 2521d23a0795f13b874e426d335d5dabcbc133e0897cc50b6edcfd25db1b739e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /paysystems/information/systems?lang=en&ref_id=1&geo=NO HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
content-encoding: br
expires: Tue, 07 May 2024 04:19:42 GMT
set-cookie: application_locale=en; expires=Thu, 06 Jun 2024 04:19:42 GMT; Max-Age=2592000; path=/; secure; samesite=lax
traceparent: 00-1fede603327e83b375bab757e0650ade-8417145b20519915-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.168, 0.178
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=207.685, wf-uht;dur=0.215
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/bff-api/config/all.json?lang=en | 178.253.29.51 | | 30 kB |
URL 1xlite-461430.top/bff-api/config/all.json?lang=en IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashb9b6fb94911549ab3ababcc561725ec0 62cd750d3a6c94b8a5fd9314f7adfc3252527592 b9d1353e8a941688bddae5ce35a624ef5ceba104b07bb9067281662b2cf84afc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=175.16, dt_total;dur=187.990, wf-uht;dur=0.203
traceparent: 00-7716c38204c5b6241acdcdde9a68b6cc-c22e9a874ef23c1e-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.180
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/1f2df44616d4.js | 185.244.209.62 | | 504 B |
URL v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/1f2df44616d4.js IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeJava source, ASCII text, with very long lines (503) Hash15febf68b8d13d129b35aef20b7e279f 0d1683f3b1665af732196e2c0e36991235be80e6 f9b162ccebf2b2f7312a53eb29437cbbf87b1f18fab897988563327a2c333875
GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/1f2df44616d4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:43 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Mon, 06 May 2024 13:05:23 GMT
etag: "15febf68b8d13d129b35aef20b7e279f"
x-amz-meta-mtime: 1715000574.324471384
expires: Tue, 07 May 2024 13:08:26 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5e59d24c90507dcc944413b88ffc53d8-631c13961f03c9dd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T13:08:26+00:00, 2024-05-07T03:45:27+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/promo-frame/en/promotion/psg-show | 178.253.29.51 | | 83 kB |
URL 1xlite-461430.top/promo-frame/en/promotion/psg-show IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typegzip compressed data, from Unix Hashd138ffc9038fe5f5354a3f90978cf528 da1c8fe079202f0b4f9b945614ddb85bdfb5e8b3 651cb74d9207bc6f7085caa684a0d64d782e79040ad36caabb4669bff902222f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /promo-frame/en/promotion/psg-show HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions/psg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: text/html; charset=utf-8
accept-ranges: none
content-encoding: gzip
etag: "124c-/PnHH2qH4mrjwJs9/VqCpGH1IuA"
server-timing: total;dur=0;desc="Nuxt Server Time", dt_total;dur=1.805, dt_total;dur=3.690, wf-uht;dur=0.012
traceparent: 00-70eb1904d7abceb9b71aa2866f414f93-f52dc469d180fea6-01, 00-70eb1904d7abceb9b71aa2866f414f93-f52dc469d180fea6-01
vary: Accept-Encoding
x-dt: 285, 285
x-time-ng: 0.001, 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/static-promotion/desktop/default/2adf4596.modern.js | 178.253.29.51 | | 33 kB |
URL 1xlite-461430.top/static-promotion/desktop/default/2adf4596.modern.js IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typeJavaScript source, ASCII text, with very long lines (8953), with no line terminators Hashcaf9fb288b9e2c416247aa105eafafb0 48bc15cf8cd6469cf1f7b70a08b173ca11d94230 9474297eadf542772c0adc36f51925bc60c157dc28b7e3182e592253d34cb19e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /static-promotion/desktop/default/2adf4596.modern.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 13:11:27 GMT
vary: Accept-Encoding
etag: W/"6634e27f-22f9"
expires: Wed, 08 May 2024 04:19:43 GMT
cache-control: max-age=86400
content-encoding: br
x-time-ng: 0.000, 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js | 172.64.148.184 | 200 OK | 2.0 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP172.64.148.184:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hashefa01158dc61d2376d9c8bcfc69c216e ce7d54f25100f036fd11b6b860d707ab9d1ef399 331687e4e437403899177781857d50ee31f427a8f31164141f8f70ec8e7fbf60
GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 557508
expires: Wed, 07 May 2025 04:19:42 GMT
server: cloudflare
cf-ray: 87fe69d01b9c568d-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js | 185.244.209.62 | | 109 kB |
URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typegzip compressed data, max speed, from Unix Size109 kB (109180 bytes) Hashb931f66325ccb10cff8313c4823c9d0e ee5892ccc853504804d0b93b07013675bc4516f6 c679b733dfb5998c2e57e436f87d85d6a00ad1f97ba958db9369fa5df60a31a4
GET /sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 10:22:32 GMT
etag: W/"701ad5a22b8ea7213a53e334d0898349"
x-amz-meta-mtime: 1714990874.153504753
content-encoding: gzip
expires: Tue, 07 May 2024 12:42:06 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6319b8b45ecc88f97879fea5b24f2522-3e4740d530ce5f33-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:42:06+00:00, 2024-05-06T12:50:28+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.328/285/logos.svg | 185.244.209.62 | | 154 kB |
URL v3.traincdn.com/sys-icons/1.0.328/285/logos.svg IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typegzip compressed data, max speed, from Unix Size154 kB (153786 bytes) Hash542e9c3910ae3edbf66d3aad2c59703c dd1842829acbaba343cd8148275189bfa931e396 0f09991925a0a913ac2cdb1ce8d9481e7534c18416bef785e4558bb118fe83d4
GET /sys-icons/1.0.328/285/logos.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"c45fb3adb3e47bdbd03c88fc4c4309aa"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ec99093f05d700c10666a14ad5e920b7-a4c423b784f9fcd6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:05+00:00, 2024-05-06T12:11:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/web-app-v2/dictionary2/v3_promotions/en/dictionary_6fde6ebf7c9c04de8965efd035156e6d.json | 178.253.29.51 | | 489 kB |
URL: 1xlite-461430.top/genfiles/web-app-v2/dictionary2/v3_promotions/en/dictionary_6fde6ebf7c9c04de8965efd035156e6d.json
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Size: 489 kB (488594 bytes)
Hash: aa47c209edb57af294b574b76e8fe72c a1772c9b5ad412559604729a69ba437a699ac718 72ddfc5fb49f6470802776b7a03384b4dc6fcd208796f9230b02c20fa2fb8cf8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/web-app-v2/dictionary2/v3_promotions/en/dictionary_6fde6ebf7c9c04de8965efd035156e6d.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1920; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:44 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
last-modified: Mon, 06 May 2024 20:48:55 GMT
etag: W/"aa47c209edb57af294b574b76e8fe72c"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js | 185.244.209.62 | | 269 kB |
URL: v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Size: 269 kB (269399 bytes)
Hash: c82ab31881cb0fe6b8ad0c27582a24d1 3c6c5cff7b3fdc176fe948537b8f9c644cc3001f 77e7ffef345cf04f3cc4ef5d7e772ae4d9c381d93ca71ad368c5f447b0013fd9
GET /sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 14:40:26 GMT
etag: W/"8fecd56fc5520134f3c39b17431fe0c2"
x-amz-meta-mtime: 1715006282.054749806
content-encoding: gzip
expires: Tue, 07 May 2024 15:18:04 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ec209f3f853c45d68497d806caa6b106-575900afe53bdcf5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T15:18:04+00:00, 2024-05-06T15:57:12+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js | 172.64.148.184 | 200 OK | 248 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Certificate subject: suphelper.top
Certificate fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Certificate validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: gzip compressed data, from Unix
Size: 248 kB (247784 bytes)
Hash: a641b0d3c8309a7bf21f4883df2d7807 5b0bc7a9428b2bc45eea5ab7459f8487159d60b0 f90d65c173504c8463b8faf08786387a86cddb5f8dc44d88ac532ab334ad0765
GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 557508
expires: Wed, 07 May 2025 04:19:42 GMT
server: cloudflare
cf-ray: 87fe69d01b9d568d-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/acer-predator-p03-630.webp | 185.244.209.62 | | 3.4 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/acer-predator-p03-630.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 98d6c0423d3fadfe1441016d1ce1051b 84db0e129e9bc9670fe5e4456a9c8522a8d87e25 1ac9fad3085bb92b7d6d4c8bab70377f74ddf6ea2c61a74c3942e99e0750e9bc
GET /genfiles/cms/1/desktop/promotions/psg-show/acer-predator-p03-630.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:44 GMT
content-type: image/webp
content-length: 3404
last-modified: Fri, 29 Sep 2023 09:26:26 GMT
etag: "98d6c0423d3fadfe1441016d1ce1051b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:47:03+00:00
traceparent: 00-510dfafcd6894e4a7c82f548e90b0079-47e8671ae5ed1349-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css | 178.253.29.51 | | 47 kB |
URL: 1xlite-461430.top/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (36299), with no line terminators
Hash: 4610c92e7697e57d1149e233ef5edab2 534bce5791c8a3f342e7fa8552458f3b45c60ab1 92fefebfb7788539968fe67373e000ba5cdfa9d19b041f3849d38f098b49d222
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1920; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:44 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 05 Apr 2024 07:40:06 GMT
etag: W/"4610c92e7697e57d1149e233ef5edab2"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/static-promotion/desktop/default/75473f12.modern.js | 178.253.29.51 | | 7.3 kB |
URL: 1xlite-461430.top/static-promotion/desktop/default/75473f12.modern.js
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: JavaScript source, ASCII text, with very long lines (12093), with no line terminators
Hash: 1b39474fc79b7984fb02e82672f31a53 03766ad288700244d378cbdf9d2bca5f893c3493 1d18acea16016ff33dada803ed40d90ec6e8e77dcaa166aa32b0bf5b62d610e1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /static-promotion/desktop/default/75473f12.modern.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 13:11:26 GMT
vary: Accept-Encoding
etag: W/"6634e27e-2f3d"
expires: Wed, 08 May 2024 04:19:44 GMT
cache-control: max-age=86400
content-encoding: br
x-time-ng: 0.000, 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/apple-watch-series-8.webp | 185.244.209.62 | | 2.9 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/apple-watch-series-8.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: eb0b1f55a4a8110851732953e9598026 c8c84de78bf48893b351e6d94fbac348b80b7df0 96bdeedf029f7444bc52070fb26f9680ac56b00b0e21e0730482e8e7869767c5
GET /genfiles/cms/1/desktop/promotions/psg-show/apple-watch-series-8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:44 GMT
content-type: image/webp
content-length: 2864
last-modified: Fri, 29 Sep 2023 09:26:27 GMT
etag: "eb0b1f55a4a8110851732953e9598026"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:14+00:00
traceparent: 00-6817085b95323a992f63a762d990d99c-7338c19468d20fd9-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/apple-watch-ultra-gps.webp | 185.244.209.62 | | 4.3 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/apple-watch-ultra-gps.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: cf95d1e4280dbd8c1c1ca0a3087ed28e f379e81129d1aa29d41fccb38b967ce257c1bf50 aa33309abb63f527e487dbe0f6535f06c84f2e2dc58d4386e6c953f062b64d76
GET /genfiles/cms/1/desktop/promotions/psg-show/apple-watch-ultra-gps.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:44 GMT
content-type: image/webp
content-length: 4280
last-modified: Fri, 29 Sep 2023 09:26:27 GMT
etag: "cf95d1e4280dbd8c1c1ca0a3087ed28e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:14+00:00
traceparent: 00-2e93a865a40f477e397ac568398d3d83-53f439bdd726f490-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/backpack-and-airpod-max.webp | 185.244.209.62 | | 4.5 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/backpack-and-airpod-max.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 0840f5b52a316b82a54132f1ff2567f0 4e7b83787d11015773bb05454cf5b1b19ead4d3f d29f85e0e9ac170f11f568f5f47ee56bb72c9d12eb67b49fae27ec29c072e15f
GET /genfiles/cms/1/desktop/promotions/psg-show/backpack-and-airpod-max.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4538
last-modified: Fri, 29 Sep 2023 09:26:26 GMT
etag: "0840f5b52a316b82a54132f1ff2567f0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:15+00:00
traceparent: 00-b1337cb3f8f2fa3538a63ff77cfd0335-0d7c526980551a6f-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/backpack-and-vr.webp | 185.244.209.62 | | 4.4 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/backpack-and-vr.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 628ba41f9356935040676770cdcc8409 92375c2b8682e5f730265aaafc407df336817114 3cb0452afb95816ddaa2df3388014355aac171b5ef9b128291e8c37d543d1061
GET /genfiles/cms/1/desktop/promotions/psg-show/backpack-and-vr.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4388
last-modified: Fri, 29 Sep 2023 09:26:49 GMT
etag: "628ba41f9356935040676770cdcc8409"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:15+00:00
traceparent: 00-ba7383418d8be5238d890c548d976d45-9b4e3e4209ca5a5c-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/backpack-and-mac.webp | 185.244.209.62 | | 3.5 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/backpack-and-mac.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 901716d2f02a679ede2cf54e3197c0f8 433b518e3cd01a89b5e4cd0a67fb1b0544132e9b 820d9d769a5220139c9a7cf35ec44fe1a5ca60e45a7fce34a9eac7302f6fe6c6
GET /genfiles/cms/1/desktop/promotions/psg-show/backpack-and-mac.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3462
last-modified: Fri, 29 Sep 2023 09:26:26 GMT
etag: "901716d2f02a679ede2cf54e3197c0f8"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:15+00:00
traceparent: 00-664f0b658d328a2286c9a7fdc67f1493-02355d0d8ec321b8-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css | 185.244.209.62 | | 184 kB |
URL: v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Size: 184 kB (183684 bytes)
Hash: cebec120ef59608e1e324b8eb7a896de 240128671fa7fe0fff26e6986f36510dc5f7f444 d2eefa98a2df195d7d6890c9c96222af1e316676040918596d1a382cb49cd9a6
GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2906efd320177d7181ddb18ca5277f39-ce4316c260738e40-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-05-06T14:47:23+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-and-xiaomi.webp | 185.244.209.62 | | 5.0 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-and-xiaomi.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 08ea0f5cc5a221c4c26fd3b0ac370f1c b3d4404fc46b1dac73538468b0b24335a09f1422 9e53aa236dd0986ba5a364954f6cb7b7b34bbdbe7639081f8557f61f132dd445
GET /genfiles/cms/1/desktop/promotions/psg-show/ball-and-xiaomi.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4994
last-modified: Fri, 29 Sep 2023 09:26:49 GMT
etag: "08ea0f5cc5a221c4c26fd3b0ac370f1c"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:16+00:00
traceparent: 00-3c853e8e2d8a7cf8421876a04e2c7639-10ab73d50d5860cd-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/backpack-and-samsung.webp | 185.244.209.62 | | 4.1 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/backpack-and-samsung.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 6f5f6b92014ddde0da8726504c0aaad2 090ef4a19753893d1c90091079cf6a3b288783de d271670e15b81ef4c89c3c1823ea54fb00200cefde8b3ce90abc72e6f7d42111
GET /genfiles/cms/1/desktop/promotions/psg-show/backpack-and-samsung.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4068
last-modified: Fri, 29 Sep 2023 09:26:50 GMT
etag: "6f5f6b92014ddde0da8726504c0aaad2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:15+00:00
traceparent: 00-01af1d5fa0aaede2cbe8d70426aa9dda-f0cbba1c472986c9-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-and-xbox-and-game.webp | 185.244.209.62 | | 5.5 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-and-xbox-and-game.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: b6eea6948e7c6db534fde495139fa83f a7c2cb251663ac421c291ab5852cb35928236bb1 13c89984d50c8bc92812a93f0096c703f92347b17e16a93b0d094685a065d58e
GET /genfiles/cms/1/desktop/promotions/psg-show/ball-and-xbox-and-game.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 5492
last-modified: Fri, 29 Sep 2023 09:26:49 GMT
etag: "b6eea6948e7c6db534fde495139fa83f"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:16+00:00
traceparent: 00-b53b1f87a07663a4a589b58677f2f12a-d4362bbb6ba02ad0-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-and-gyper-pc.webp | 185.244.209.62 | | 6.3 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-and-gyper-pc.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 842993d2c22aece144c85fd993289d10 d125bbc71050b8487ac6c16372c756e3f80e5ebc aad05f1eed4f71643d672d7c926be03709130946d5334fedc393b75caca8db1f
GET /genfiles/cms/1/desktop/promotions/psg-show/ball-and-gyper-pc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 6312
last-modified: Fri, 29 Sep 2023 09:26:49 GMT
etag: "842993d2c22aece144c85fd993289d10"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:16+00:00
traceparent: 00-2485b1098a72a8510f47f0013df7cd84-d8bcffc6f15d3348-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/gopro-hero-11.webp | 185.244.209.62 | | 3.0 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/gopro-hero-11.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 9cfcebfde2f524599a0ed5f3a8bdcdd3 8e2098436e30d191127f745b7a8cbd9a862f7431 29faf0db2607d88dd5a0ee470727ac7e52943abe202d5d697f6513f6c72a3bf8
GET /genfiles/cms/1/desktop/promotions/psg-show/gopro-hero-11.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3042
last-modified: Fri, 29 Sep 2023 09:27:04 GMT
etag: "9cfcebfde2f524599a0ed5f3a8bdcdd3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:17+00:00
traceparent: 00-92c56ee8eed555c00336c553177dd79a-e4936ecf85c22bd5-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/lg-xboom.webp | 185.244.209.62 | | 3.5 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/lg-xboom.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 4e517befa0a6f34840c117e9e2339b27 dfdfdc99228c82aaa070c6632d2826960a3ee0eb 64a1c0c9d78c28ce2189c26a4afff43a241d9e2eaa9cc0d738ace3494ecc4e98
GET /genfiles/cms/1/desktop/promotions/psg-show/lg-xboom.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3466
last-modified: Fri, 29 Sep 2023 09:27:47 GMT
etag: "4e517befa0a6f34840c117e9e2339b27"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:18+00:00
traceparent: 00-6ed7fc8de4ef6f9f562bd0f4cd5695c8-1c3a32637b49dbe1-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/nintendo-switch.webp | 185.244.209.62 | | 3.7 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/nintendo-switch.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 3630149d732bca89d4bed4739163f3dd 76099884b648c82054e73817609a886e95364bab 963f9fa2e38eec05cec4e89d2d8c2c528be8e144382f80a837d72321add61e8c
GET /genfiles/cms/1/desktop/promotions/psg-show/nintendo-switch.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3702
last-modified: Fri, 29 Sep 2023 09:28:06 GMT
etag: "3630149d732bca89d4bed4739163f3dd"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:19+00:00
traceparent: 00-005eb041c615ea0135930b6246cebc2d-e0874f972a28e2cf-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/bose-smart-soundbar.webp | 185.244.209.62 | | 10 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/bose-smart-soundbar.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 0e0c92d6df92fef64bfb39fcc2515293 02e26c19f5e5cc943038dc25332befbbade10bcb 67fe667afd9b71b754a5766ed19534351576fce0e35e1e499fecbeb053c33a2d
GET /genfiles/cms/1/desktop/promotions/psg-show/bose-smart-soundbar.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 10002
last-modified: Fri, 29 Sep 2023 09:26:50 GMT
etag: "0e0c92d6df92fef64bfb39fcc2515293"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:17+00:00
traceparent: 00-d84dd85a878496a9d5ab3cf4d4d3a1cb-491f73166e68af73-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css | 185.244.209.62 | | 139 kB |
URL: v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Size: 139 kB (138603 bytes)
Hash: f65c71162963bd054352236600fbe2b5 39973b6d5115f3214bddc527031a493dd012ed0c 4d793631f76b6e7476110e6420888f70d241ae0b7bb9e6a40f86fa58fc1ab297
GET /sys-ui/3.2.3/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:53:25 GMT
etag: W/"64d292a033c097211f9f4c21ffbcb2b0"
x-amz-meta-mtime: 1713523729.13591556
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:54:48 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-32bee0ead2ea6b83d44e3aecc64a943b-5d27969801acc7ae-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:54:48+00:00, 2024-05-06T15:05:37+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/macbook.webp | 185.244.209.62 | | 3.3 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/macbook.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 7c054b99fdf71dbedef181682c1b0ed2 65837b21eecc726934546b2ba4bc91322255d488 18b27e9d54fed00a3d6f82ac1a8a83ab3eaa20e4a1360a1bb3d43e05f5a509ee
GET /genfiles/cms/1/desktop/promotions/psg-show/macbook.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3266
last-modified: Fri, 29 Sep 2023 09:27:47 GMT
etag: "7c054b99fdf71dbedef181682c1b0ed2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:19+00:00
traceparent: 00-9650729a0cfef845d7debdd41540802b-c40c78927ea6fc64-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/led-samsung.webp | 185.244.209.62 | | 7.0 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/led-samsung.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 3b970a3353abf776813cd40524650b55 44fb93c30a84425e6fce90533445ac38765650ad b772b713a295751b27b559f20479912f65f1e7b9fb4ccdb6ff79d7d2745cf697
GET /genfiles/cms/1/desktop/promotions/psg-show/led-samsung.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 7034
last-modified: Fri, 29 Sep 2023 09:27:38 GMT
etag: "3b970a3353abf776813cd40524650b55"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:18+00:00
traceparent: 00-27065c9ec04c13d182994b92414a0176-35ab1e822a0e37ab-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-psg.webp | 185.244.209.62 | | 38 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-psg.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 85eda71372b45597c406ea48375fcab5 951b0b7a487fa818687fc21bc7b2508d1bd9ea8c 05ec541d6636e61d7098a13e84b8f7f8b7c0f3a537328446b37e0d0ccdb96b0d
GET /genfiles/cms/1/desktop/promotions/psg-show/ball-psg.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 38354
last-modified: Fri, 29 Sep 2023 09:26:50 GMT
etag: "85eda71372b45597c406ea48375fcab5"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:17+00:00
traceparent: 00-bc34bb6083c185aa9ecd72add1848667-16e216aadd3c768a-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/showstopper.webp | 185.244.209.62 | | 11 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/showstopper.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: c6fc4923ce24b7da9c5ed7a77f9d1db5 b058e7bbad4a36c0b4ee2b8143bc5dd790224167 e3010e58eeb6edb9c73e5588469e6b3c2f6a513c4123684377ac81b34c44ff20
GET /genfiles/cms/1/desktop/promotions/psg-show/showstopper.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 11036
last-modified: Wed, 04 Oct 2023 13:34:48 GMT
etag: "c6fc4923ce24b7da9c5ed7a77f9d1db5"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:17+00:00
traceparent: 00-39cfa043112b2ce8dea74bee16309f0c-0e71efb6c739faf9-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-pc-and-monsamsung.webp | 185.244.209.62 | | 6.9 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-pc-and-monsamsung.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: f8f4fa34dc47fb7a51c4a6f0c4240adf f17f2159c88d751f672f2bd953bc34f2fb2f8e99 65db264e60ac8627099bd81efd553d2749be0576034af71f88536fb785456135
GET /genfiles/cms/1/desktop/promotions/psg-show/psg-and-pc-and-monsamsung.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 6878
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "f8f4fa34dc47fb7a51c4a6f0c4240adf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:22+00:00
traceparent: 00-bdcbe21fffeba849fe8c46652356860a-1b9eeae991389174-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-playstation-and-game.webp | 185.244.209.62 | | 4.9 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-playstation-and-game.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: b809d5eded9078fdeab70cadf6cb87cb 17e1e4957d70c51616a920615bcd896b2b5e2284 efab059e5d2c4286bc7533bf2c754c8ab08f7e71fd703ea2c29d944e644a42c9
GET /genfiles/cms/1/desktop/promotions/psg-show/psg-and-playstation-and-game.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4910
last-modified: Fri, 29 Sep 2023 09:28:43 GMT
etag: "b809d5eded9078fdeab70cadf6cb87cb"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:22+00:00
traceparent: 00-ab16a2cbc010cd8075d337ddaecaa8b3-8b8844b8d14f8318-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/rubrik-active.webp | 185.244.209.62 | | 46 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/rubrik-active.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 275f6a96c011c61f9eb9fe268c9f8158 4a1817973805af79250fe331978abd7e9da01855 0b63abb137818ca310c3d233d467c9f0d25e661c185482764da4f095c4f9ec7f
GET /genfiles/cms/1/desktop/promotions/psg-show/rubrik-active.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 46366
last-modified: Fri, 29 Sep 2023 09:28:43 GMT
etag: "275f6a96c011c61f9eb9fe268c9f8158"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:22+00:00
traceparent: 00-32dbfba0aa928b11266b2db240ce02b5-e1e288e7fa083d0b-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/samsung-galaxy-z-flip-5.webp | 185.244.209.62 | | 1.3 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/samsung-galaxy-z-flip-5.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 0d12b2aa552f701b19297b33c53d0451 0cf3d498cffc3520cb9234bc250bc056ec4211b1 7e8630f39c4661f46008bbbde5f3ee63012b57d0f2cb7600159e76cd56e16309
GET /genfiles/cms/1/desktop/promotions/psg-show/samsung-galaxy-z-flip-5.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 1254
last-modified: Fri, 29 Sep 2023 09:28:43 GMT
etag: "0d12b2aa552f701b19297b33c53d0451"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:22+00:00
traceparent: 00-4c0919c82d4b809226de7a86d29d4cb1-ddc7b8ed72508675-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/samsung-galaxy-z-fold-5.webp | 185.244.209.62 | | 3.4 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/samsung-galaxy-z-fold-5.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: d4d9b4fe044bc69118f94f96c4d08876 7c6484fa05ad6790283ba31161a37d63b87bf03b 53ea769f96936c84b545dfef8ba298bb1ecf2324c5b084b1597f9ef25f1ff950
GET /genfiles/cms/1/desktop/promotions/psg-show/samsung-galaxy-z-fold-5.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3418
last-modified: Fri, 29 Sep 2023 09:29:01 GMT
etag: "d4d9b4fe044bc69118f94f96c4d08876"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:22+00:00
traceparent: 00-47918ca00b446da666090c805d2abd90-8c22c3795602bd1c-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/scooter.webp | 185.244.209.62 | | 3.3 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/scooter.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 9cd9aec9dd3722215d46628649233564 26c560ffa41dcbbe3cdd324b6044f7d80b1e9c35 894a252b36ee2693b06a6bb4e93b0f199457c0bdef73040af37adf72b361a48f
GET /genfiles/cms/1/desktop/promotions/psg-show/scooter.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3312
last-modified: Fri, 29 Sep 2023 09:29:01 GMT
etag: "9cd9aec9dd3722215d46628649233564"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:22+00:00
traceparent: 00-072eb285896045ff9672a40374629fb4-85b128b16532fe39-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/bcacd1eac43a.css | 185.244.209.62 | | 16 kB |
URL: v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/bcacd1eac43a.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Hash: 88057eece4b0955e5206566730adfef9 04b1af5e3cd41fa4813dd6ea74d29bf4eb09325d 1d3205505cc8914a266ca028730aca274b1d663fb0e7fb7f883ef99d4a7ea84a
GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/bcacd1eac43a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 02 May 2024 10:06:11 GMT
etag: W/"e10ff0240cb41456d98910f7ff68efa1"
x-amz-meta-mtime: 1714644230.479316839
content-encoding: gzip
expires: Sat, 04 May 2024 09:03:49 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a9854503fbb393a127b524ac638e807e-a560feadfafae737-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T09:03:49+00:00, 2024-05-06T19:35:14+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-iphone-15-pro-max.webp | 185.244.209.62 | | 3.8 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-iphone-15-pro-max.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: f0195d6e8205cd3eda27ce47464d6dde 331262190d510a2084d736de52157ec503f00ae4 80b68f072d55ceba1a3fb2a6b0f8eb781422e4c83ca4ff5b1c39271b44dbd922
GET /genfiles/cms/1/desktop/promotions/psg-show/psg-and-iphone-15-pro-max.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3848
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "f0195d6e8205cd3eda27ce47464d6dde"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:21+00:00
traceparent: 00-e851abc0d52ca5726b5d9534400600e0-02a059fd1d15e857-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/jbl-1.webp | 185.244.209.62 | | 16 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/jbl-1.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 90f7388dfc16f93cb095e43933651389 7f86e970ba67dd3331742efdab15efb51fc9d2b7 7cc68a217677c600b4b901d2c300a57b49d893f02736850f017855b0ecd437be
GET /genfiles/cms/1/desktop/promotions/psg-show/jbl-1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 16206
last-modified: Fri, 29 Sep 2023 09:27:38 GMT
etag: "90f7388dfc16f93cb095e43933651389"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:18+00:00
traceparent: 00-eefe5f178b8ff128a3d946dd80254a41-455ddafa6440d586-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ipad-1.webp | 185.244.209.62 | | 5.0 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ipad-1.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: e7865b791bb1905b148eefeecac1e66b fcb3496d75e7b6395737eff8ce5ba6b9cdbb676a 7f853c79baf9165c17eb5108c25fbd05feae75e233b0bc3dedacc8f53ffa0db8
GET /genfiles/cms/1/desktop/promotions/psg-show/ipad-1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4950
last-modified: Fri, 29 Sep 2023 09:27:26 GMT
etag: "e7865b791bb1905b148eefeecac1e66b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:18+00:00
traceparent: 00-21464e0ce88522dc087d0cc717df0ca8-a323fe1a9100fed1-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/onair.webp | 185.244.209.62 | | 4.9 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/onair.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 9394b1dd61ce7b52482b3e8debf50421 29710742f7cf91eaebd49c235fb6c4f4817ef710 f6fadbce9c4c15f1cfd2443221d7c4db9dc968bac01210e0f35ccf13b15e8509
GET /genfiles/cms/1/desktop/promotions/psg-show/onair.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4886
last-modified: Fri, 29 Sep 2023 09:28:25 GMT
etag: "9394b1dd61ce7b52482b3e8debf50421"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:19+00:00
traceparent: 00-ba4c9658fc0e2f5d6a52bef8001771fa-1ee26e63cde6a6a0-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/jbl-partybox.webp | 185.244.209.62 | | 15 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/jbl-partybox.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: bd82cfaf59225d5976b2f2fb86b74b26 307eceeca90dd0739c4e9f3b34fd4477f21aba2e adc921abf65180a09830a28d38361d3abfdbf6255c3a0c9abfcc27a6b4a84ff8
GET /genfiles/cms/1/desktop/promotions/psg-show/jbl-partybox.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 15128
last-modified: Fri, 29 Sep 2023 09:27:38 GMT
etag: "bd82cfaf59225d5976b2f2fb86b74b26"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:18+00:00
traceparent: 00-536a119444c4b1462feb342c61f6a9fa-9043d2300d6ea699-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/marshall-woburn-3.webp | 185.244.209.62 | | 4.8 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/marshall-woburn-3.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: f8933adbd3f6fe4b9ddea3c2597f5cae e3a48e9d4649f79704653083f2ea1680bbaf8a83 c3e55985c61d80ebb9037d3fb6df592c8d03cda5a8a7113e6d30f197ad4a3726
GET /genfiles/cms/1/desktop/promotions/psg-show/marshall-woburn-3.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4826
last-modified: Fri, 29 Sep 2023 09:28:06 GMT
etag: "f8933adbd3f6fe4b9ddea3c2597f5cae"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:19+00:00
traceparent: 00-2e93d0763f943ea4403ee563613a46d8-c0502d22d3358027-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/marshall-monitor.webp | 185.244.209.62 | | 3.1 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/marshall-monitor.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 8b789ed64ebb4033645ae9e77097cff8 0743f1f0f401abd2fcbb1b513ace1881f3657bef f7510184ca6963768e35729a07f9b6ef682a9b722cc858a58cd1bbdd82f6580e
GET /genfiles/cms/1/desktop/promotions/psg-show/marshall-monitor.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3112
last-modified: Fri, 29 Sep 2023 09:28:06 GMT
etag: "8b789ed64ebb4033645ae9e77097cff8"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:19+00:00
traceparent: 00-cd8e86ef3bfb14dc552a9a693407801b-dd55e09af317dd23-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/primetime.webp | 185.244.209.62 | | 12 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/primetime.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 32eae37b32a1be2b1412ec1d61175a30 61bbbd892da6738b876d5cd973ccf138bdff9c3e 3fc814bcd3edd504ad6c11f84623cfc20c7d068c51bb1d89c9ed1df28dad9eb8
GET /genfiles/cms/1/desktop/promotions/psg-show/primetime.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 12410
last-modified: Fri, 29 Sep 2023 09:28:25 GMT
etag: "32eae37b32a1be2b1412ec1d61175a30"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:20+00:00
traceparent: 00-e254db45b99fa00904243717177a203a-c824ce50287f6fad-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css | 185.244.209.62 | | 13 kB |
URL: v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: gzip compressed data, max speed, from Unix
Hash: 08695c989ab2130ec4f178971008acb9 c141d65e8f7b871a33300eb0263e4ed4fe8d49d7 2c17e723914ecbc34350cde2ea3fcd7f048e6818523291b98204c2a9f92a3ca6
GET /genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 07:40:06 GMT
etag: W/"4610c92e7697e57d1149e233ef5edab2"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5c457f33fa810cb2b89ee3fe232be8db-e2e3d4daaf574ae3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-05T09:04:13+00:00, 2024-05-07T03:20:36+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/playstation-5.webp | 185.244.209.62 | | 2.7 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/playstation-5.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 64848561d05a374355e221d75fe95b81 b510e06935ba82deebdf84e280a7f7faf9445f27 6fe666e65be24ecd8239493f5dca44c4368d2af2026b7689bf9b4da526d26160
GET /genfiles/cms/1/desktop/promotions/psg-show/playstation-5.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 2662
last-modified: Fri, 29 Sep 2023 09:28:25 GMT
etag: "64848561d05a374355e221d75fe95b81"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:19+00:00
traceparent: 00-52e173fe255d2bdd5b4d771ef23e9253-df547f7c2e3fd089-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-asus-rog-strix.webp | 185.244.209.62 | | 4.7 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-asus-rog-strix.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 594d2926f43992dd8d5c130d7c097329 e22a962fdbeb08e43395d823e530bbc12ad1c21c 1b26a5ed0edb740fb22a344a7aa307e21389808cb755320e76a1aab9d04fcc94
GET /genfiles/cms/1/desktop/promotions/psg-show/psg-and-asus-rog-strix.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4728
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "594d2926f43992dd8d5c130d7c097329"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:21+00:00
traceparent: 00-255e29b4de1ef3ead5f1f467140389f4-81ad20a5ecde855b-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/iphone-15-pro-max.webp | 185.244.209.62 | | 1.9 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/iphone-15-pro-max.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 74152b8ac58fce37cdda195cb0b6310c 51f0bb562ba361607be422d063a96a08d21fc399 3d2df4b3fa2cfc71b6f3d8330a4f7a4422fdac93dc837435aa9d552aee47cc17
GET /genfiles/cms/1/desktop/promotions/psg-show/iphone-15-pro-max.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 1928
last-modified: Fri, 29 Sep 2023 09:27:38 GMT
etag: "74152b8ac58fce37cdda195cb0b6310c"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:18+00:00
traceparent: 00-8811013330b90a9b849d9d1cc988e01f-f28e08ba33b27b1c-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-game-and-ps-5.webp | 185.244.209.62 | | 4.9 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-game-and-ps-5.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: b27cc64a512aebff4ff9dec1e819c170 6aafa61aec083c4c175e6344258ff6cab25e216a 1de563d1c2d08743168225f9493c0d50126164c47a74044ffc7766e49727728b
GET /genfiles/cms/1/desktop/promotions/psg-show/psg-and-game-and-ps-5.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4870
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "b27cc64a512aebff4ff9dec1e819c170"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:21+00:00
traceparent: 00-60edf55e32207655efed77846fb2489a-394200c576151d26-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ps5-and-vr-sony.webp | 185.244.209.62 | | 4.5 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ps5-and-vr-sony.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: eab458c96b25713a3fe2c4b8c65305f7 47c2fcc072dd69cc3ce3c435ee31a6fc53852089 acf228cc136b05aabcf3f5f01da47ec9c2e19b71c1bde2115155dc0d06f900fb
GET /genfiles/cms/1/desktop/promotions/psg-show/ps5-and-vr-sony.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4540
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "eab458c96b25713a3fe2c4b8c65305f7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:21+00:00
traceparent: 00-a45742f9ec790b8f05f2b46b9f830911-1691498b73b8080b-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/pc-and-monsamsung.webp | 185.244.209.62 | | 6.0 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/pc-and-monsamsung.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 1695c503f7786b0fc4ad384102b73e3d 6b835a6b5ede4e3640fabacee24a8dcb962232e8 6231ba28c6d3db9546a98889ec3cf95547660f0228ef772e9a17a48e9c7d69d8
GET /genfiles/cms/1/desktop/promotions/psg-show/pc-and-monsamsung.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 6044
last-modified: Fri, 29 Sep 2023 09:28:25 GMT
etag: "1695c503f7786b0fc4ad384102b73e3d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:19+00:00
traceparent: 00-d4dfaf86c123c13beb279fd312026da3-b0724373436c7bb1-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/promocode-blue.webp | 185.244.209.62 | | 5.9 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/promocode-blue.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 0181206a72303eba906eb2039adb8794 8ad1c461257bfcff523bbdae5e7418f0d61f7e90 7e38d3fd222283815c612064e689e098ed17dd61f4f866895a36c69e6f19800a
GET /genfiles/cms/1/desktop/promotions/psg-show/promocode-blue.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 5876
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "0181206a72303eba906eb2039adb8794"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:20+00:00
traceparent: 00-d1804812a6619b655e73951fdaa2a41f-256d2eafb8fc9f50-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/step-bets.webp | 185.244.209.62 | | 11 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/step-bets.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 8874f0ec7d15df5195a80a89dd0e1a62 282a8652bb103f326ee788f4427282a6c0467745 20ec65f5ff2b8e55f04cb6d567b3e887aa8da180edcacc5e6e91827b2fe66a92
GET /genfiles/cms/1/desktop/promotions/psg-show/step-bets.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 10568
last-modified: Fri, 29 Sep 2023 09:29:01 GMT
etag: "8874f0ec7d15df5195a80a89dd0e1a62"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:23+00:00
traceparent: 00-df403c1571beb8161f571e0d99471f55-ec1bc7e91730c73b-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/showmustgoon.webp | 185.244.209.62 | | 8.9 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/showmustgoon.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: a107f23e277ac5bffdd29718fe05a9e4 b7393fa524d54916a35c386db431a9b1e0cf112c 68f36a1a83a1e7dee7dea7e0c5ee9c8172d0c545de859f2a06511b2d55297160
GET /genfiles/cms/1/desktop/promotions/psg-show/showmustgoon.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 8908
last-modified: Fri, 29 Sep 2023 09:29:00 GMT
etag: "a107f23e277ac5bffdd29718fe05a9e4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:23+00:00
traceparent: 00-c66f6515bbb5a04625b8640e42de31d8-13a3c84807246a13-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/step-tickets.webp | 185.244.209.62 | | 18 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/step-tickets.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 3131c39a2f3c5b5b78a825c7ba024e97 419e7b8d6e69d54509bc602113c8ad154e3b5cec 7c4a2e7d12a9bb6afec905f994c184f6d6e39d01876c7dc13e6ec8b2436afbd8
GET /genfiles/cms/1/desktop/promotions/psg-show/step-tickets.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 18524
last-modified: Fri, 29 Sep 2023 09:29:01 GMT
etag: "3131c39a2f3c5b5b78a825c7ba024e97"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:23+00:00
traceparent: 00-df94cc85405318d259267785b940058c-9031d5bf704f1f8a-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/step-prize.webp | 185.244.209.62 | | 12 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/step-prize.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: a30336d24959c920bfcb39cf18c76338 688a2909e78c2b0d3a3dfd732dd303f8f0ade394 9910f8fb156724e4066eba87a2ef5cef7a0d12ef6b3dc1c27e9abd0f33dd8d2f
GET /genfiles/cms/1/desktop/promotions/psg-show/step-prize.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 11532
last-modified: Fri, 29 Sep 2023 09:29:01 GMT
etag: "a30336d24959c920bfcb39cf18c76338"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:23+00:00
traceparent: 00-f70dda6c7a78449bb28fb6b5da8fb860-4171813702a542eb-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-valve.webp | 185.244.209.62 | | 4.6 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg-and-valve.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: cda25bc5c3c41cc728a45c92e46f7197 df8e9d307c9b6dd9b9010c107a435a7b55ce9d30 0f5940a4ba982fa6f3fc508a7e6478bce9c4de6ad1f36c2805c0a795112d9f9a
GET /genfiles/cms/1/desktop/promotions/psg-show/psg-and-valve.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4574
last-modified: Fri, 29 Sep 2023 09:28:44 GMT
etag: "cda25bc5c3c41cc728a45c92e46f7197"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:22+00:00
traceparent: 00-b155bba32031a695a04580c6558e73c4-39692163b6a9b7b6-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/valve-stream-deck.webp | 185.244.209.62 | | 2.8 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/valve-stream-deck.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 23a2128e4dea37f4e42723050dc60dea 496515ff3ffbc27dd002e1182797b82bbaf6afae 9cad7e7ab3649713b5865a50e37b9b16e9c648bd72740aee34786fb7424298a7
GET /genfiles/cms/1/desktop/promotions/psg-show/valve-stream-deck.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 2786
last-modified: Fri, 29 Sep 2023 09:29:15 GMT
etag: "23a2128e4dea37f4e42723050dc60dea"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:24+00:00
traceparent: 00-d1aa14f572b7a90c1ff7287819090f10-950011fc6409a634-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/xbox-1.webp | 185.244.209.62 | | 2.3 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/xbox-1.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 51be8441a63616a6bb4a69be872d0e2c 8bb4a593bd02d46d442bafb686b3d59f7a1ff36a 986cfc06ac9c7e99182439234508bcb39d5d373667f4dac2fda53331547bf05b
GET /genfiles/cms/1/desktop/promotions/psg-show/xbox-1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 2310
last-modified: Fri, 29 Sep 2023 09:29:15 GMT
etag: "51be8441a63616a6bb4a69be872d0e2c"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:22:13+00:00
traceparent: 00-d4caea2022fcd3df1667fef2cf2e75b2-cd65d93fdb0dedc9-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watchex.webp | 185.244.209.62 | | 5.4 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watchex.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 089f1912ee09d731818b74ee273e89bc 4d22c2a7572dca847375d477c8e9f8f51d52f72e f64ae6216feb4f8efc20541d76b027190c942839360e02aef5be124df99a30dc
GET /genfiles/cms/1/desktop/promotions/psg-show/watchex.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 5402
last-modified: Fri, 29 Sep 2023 09:29:15 GMT
etag: "089f1912ee09d731818b74ee273e89bc"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:25+00:00
traceparent: 00-5e5db82df95f25443eea78d3fc25c43e-d528f7447a616b79-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/main-bg-1680.webp | 185.244.209.62 | | 7.3 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/main-bg-1680.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1680x1575, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 65928005af7b94c5db2a085da25d2cc0 d4a59ffed49428c5c7f82bc542a3e9b3c8cf3492 6380e1eaf8b2f129dd16a13a4b456c78b18d777b7afff7eb861ff67e74290668
GET /genfiles/cms/1/desktop/promotions/psg-show/main-bg-1680.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 7296
last-modified: Fri, 29 Sep 2023 09:28:06 GMT
etag: "65928005af7b94c5db2a085da25d2cc0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T04:13:56+00:00
traceparent: 00-4f41c84d80dbe2a17a3e8391f583076a-596463cf64eb0b7f-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watch-and-xbox-and-game.webp | 185.244.209.62 | | 4.4 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watch-and-xbox-and-game.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 81f8f6db3f576910956837dbc5d54bad 921f1b2dbc5ba51d6c7d79fa6b52bf6285a4607b 6c4c3f5f30eb2c4e5ff09fed3d83b2801548cfbf59e6f3af8ae6f5b6f59b5eee
GET /genfiles/cms/1/desktop/promotions/psg-show/watch-and-xbox-and-game.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4356
last-modified: Fri, 29 Sep 2023 09:29:23 GMT
etag: "81f8f6db3f576910956837dbc5d54bad"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:24+00:00
traceparent: 00-15b79d88ebdfae0447c8f7e435b9828f-2a54d77118a446e4-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watch-and-ipad.webp | 185.244.209.62 | | 5.6 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watch-and-ipad.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: d528f81c2c5582c1a12a4826da932e9c 1817a25a7d59b8f22b18642234e25c37cb025456 787a34017917ea66282c919eaf686ebcce8d578c94b8a8dc15a6bdfa85f93b9c
GET /genfiles/cms/1/desktop/promotions/psg-show/watch-and-ipad.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 5640
last-modified: Fri, 29 Sep 2023 09:29:15 GMT
etag: "d528f81c2c5582c1a12a4826da932e9c"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:22:13+00:00
traceparent: 00-da13f41db07d1501bdcea205350da513-c5487822b0fadb4f-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/vr-sony-playstation.webp | 185.244.209.62 | | 4.4 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/vr-sony-playstation.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 9fb872956d23c16338ea394393be17c1 d583fd6b21fb25d6d995d099d9a75161e9744af1 9359016bb4d4ff476bff82be02eced719cbecf4b3fc44f8e93291901bffe8fdb
GET /genfiles/cms/1/desktop/promotions/psg-show/vr-sony-playstation.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4424
last-modified: Fri, 29 Sep 2023 09:29:23 GMT
etag: "9fb872956d23c16338ea394393be17c1"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:22:13+00:00
traceparent: 00-b53a6df9124bfe09d07c3379bfdafd03-487fe55118823ed3-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watch-and-tv.webp | 185.244.209.62 | | 4.0 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watch-and-tv.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image Hashf6af2e75833cbc09781cfe708b839127 aea95fd3283b1237f768c842c274ff974fbdda6b 899e0578e87b8caeb1a0bf23f5b4dd356aa53f7676781943cfe4d8b21c406c61
GET /genfiles/cms/1/desktop/promotions/psg-show/watch-and-tv.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 3988
last-modified: Fri, 29 Sep 2023 09:29:15 GMT
etag: "f6af2e75833cbc09781cfe708b839127"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:24+00:00
traceparent: 00-1a442a1dd8ef4a33b937841d158818e8-b834945d258d9608-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watch-and-game-pc.webp | 185.244.209.62 | | 4.0 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/watch-and-game-pc.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image Hash5f9bc10b862edcb4d80071343ff8bdff 07593256c785bfc45a4042d450210f52c00e6813 7b2c66c402fd0ec2336706d0b8068ae6d3e69b9303f87d56451d992e37a2d70b
GET /genfiles/cms/1/desktop/promotions/psg-show/watch-and-game-pc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4012
last-modified: Fri, 29 Sep 2023 09:29:15 GMT
etag: "5f9bc10b862edcb4d80071343ff8bdff"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:22:13+00:00
traceparent: 00-29d32d8c00516affce91d3d250d6944d-9e75e179e7ed727a-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/main-bg-1680.jpg | 185.244.209.62 | | 20 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/main-bg-1680.jpg IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1680x1575, components 3 Hash5e01e44ac429e342d4df1b48cd280c2b 164b644519cca8d9cd4b9a162de02c506c23b787 52060d2a8c3431cc19f0dfed7ecc440a497dbcf7b833c05723f2a5e6b47b35a4
GET /genfiles/cms/1/desktop/promotions/psg-show/main-bg-1680.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/jpeg
content-length: 20097
last-modified: Fri, 29 Sep 2023 09:28:06 GMT
etag: "5e01e44ac429e342d4df1b48cd280c2b"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T04:13:54+00:00
traceparent: 00-8171f122a576f4561b62ef3af2145133-a4a1a9dac42b5f56-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/onair-bg-1680.webp | 185.244.209.62 | | 10 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/onair-bg-1680.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 270x515, Scaling: [none]x[none], YUV color, decoders should clamp Hash3b5d96980eeacdaaf633bc1d63150ab9 c78ef31cc520cca9629242d75ed7cf9ebe3d9321 5c29db528b9c1067c9bb7a34f593f37458a3acbedc70d60033edf7f296b9af49
GET /genfiles/cms/1/desktop/promotions/psg-show/onair-bg-1680.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 10272
last-modified: Fri, 29 Sep 2023 09:28:25 GMT
etag: "3b5d96980eeacdaaf633bc1d63150ab9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:22:13+00:00
traceparent: 00-b8b7d949ea462227620c625c56a52dd0-5cbcd53160fc8aff-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/showmustgoon-bg-1680.webp | 185.244.209.62 | | 4.3 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/showmustgoon-bg-1680.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 270x515, Scaling: [none]x[none], YUV color, decoders should clamp Hashe62d389efd5b144cad67b85f53558d4d 8e09566046dea130f0f79a19406fef5f607d7611 7154f242aa5fba54b6b63543ddbf6567f563dbe0cf0575a6f50103e029502ddc
GET /genfiles/cms/1/desktop/promotions/psg-show/showmustgoon-bg-1680.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4300
last-modified: Fri, 29 Sep 2023 09:29:00 GMT
etag: "e62d389efd5b144cad67b85f53558d4d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:29+00:00
traceparent: 00-1329db8be6fcfbd82f91f79588218119-518cd2f8851e1777-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/primetime-bg-1680.webp | 185.244.209.62 | | 12 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/primetime-bg-1680.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 270x515, Scaling: [none]x[none], YUV color, decoders should clamp Hash7dec0fa1bf85060d087be566e7b7a0ce 54ab8949a1dfa29a38613d299377eb9d7d9f5d7a 9ff0976779d68025e4898fc20caab9d3d171528e96cf1f1941ef6e7ea17f89a5
GET /genfiles/cms/1/desktop/promotions/psg-show/primetime-bg-1680.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 11768
last-modified: Fri, 29 Sep 2023 09:28:25 GMT
etag: "7dec0fa1bf85060d087be566e7b7a0ce"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:22:13+00:00
traceparent: 00-8c510b176e4abd7fd7f22e4d7bc2a830-de8304ded202407f-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/left-bg-1680.webp | 185.244.209.62 | | 83 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/left-bg-1680.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image Hashae03854ce263b36f94627e74f992d092 7f5df5b93e6f91e9d3b84958053a21a59d08d68b 721f40641b8b84d6086bbfdb8c04274717e749458b18d9b369fde048f3be7aa3
GET /genfiles/cms/1/desktop/promotions/psg-show/left-bg-1680.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 83380
last-modified: Fri, 29 Sep 2023 09:27:47 GMT
etag: "ae03854ce263b36f94627e74f992d092"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T04:14:00+00:00
traceparent: 00-70f393f10c32529d0b3f5473baeef41f-7db105a30a436040-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/jbl-1-branded.png | 178.253.29.51 | | 10 kB |
URL 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/jbl-1-branded.png IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typePNG image data, 200 x 200, 8-bit colormap, non-interlaced Hashdcaf782a6dae6da45ccf22459338c606 c01b68c61045cb97c68bfa892f11a5a5d3fb0eea d80d86da7a7ac2c1561ea02a122a8e686fdf2ee0c2892b23454a8ae32f3be72b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1/desktop/promotions/psg-show/jbl-1-branded.png HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 10138
last-modified: Wed, 28 Feb 2024 15:26:58 GMT
etag: "dcaf782a6dae6da45ccf22459338c606"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/right-bg-1680.webp | 185.244.209.62 | | 114 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/right-bg-1680.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image Size114 kB (113772 bytes) Hash6197380cddba44dc60f7f335156d9c6f e417b06dadca196f2e606d34fb2d786cbc7210e2 0bb8975e8a7bddadbc44748bdc86555e27db69803b4cc2e86e2d292aad2e7ee2
GET /genfiles/cms/1/desktop/promotions/psg-show/right-bg-1680.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 113772
last-modified: Fri, 29 Sep 2023 09:28:43 GMT
etag: "6197380cddba44dc60f7f335156d9c6f"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T04:13:59+00:00
traceparent: 00-d20aa391d5a2ef85a8b9b342050eff31-58f9957d64adcfde-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/acer-predator-p03-630.png | 178.253.29.51 | | 31 kB |
URL 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/acer-predator-p03-630.png IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typePNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash5f723bf29dbf9171fc7cb5686dfd294a e36cd5bedbd1abcf36275e328a4f225028219360 aeb72e81126defd5e50330f00536a20fbb62f021b669f3e1ff79a02783b8ce0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1/desktop/promotions/psg-show/acer-predator-p03-630.png HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 30719
last-modified: Fri, 29 Sep 2023 09:26:26 GMT
etag: "5f723bf29dbf9171fc7cb5686dfd294a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/vr-sony-playstation.png | 185.244.209.62 | | 17 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/vr-sony-playstation.png IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typePNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash1c6e5c2b9529131b38b28ebce9924aff e62d006d72530fb7e13499af4917ba40616667e8 c0ce00544d16c50c74e755c6ae614fc7c091d0c3b1edcc44780a4a244b9024f4
GET /genfiles/cms/1/desktop/promotions/psg-show/vr-sony-playstation.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 17438
last-modified: Fri, 29 Sep 2023 09:29:23 GMT
etag: "1c6e5c2b9529131b38b28ebce9924aff"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-01T15:38:20+00:00
traceparent: 00-5d8c90913941292f9fbdc502b4a7493d-f3e711d599b7c292-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/vr-sony-playstation.png | 178.253.29.51 | | 17 kB |
URL 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/vr-sony-playstation.png IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typePNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash1c6e5c2b9529131b38b28ebce9924aff e62d006d72530fb7e13499af4917ba40616667e8 c0ce00544d16c50c74e755c6ae614fc7c091d0c3b1edcc44780a4a244b9024f4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1/desktop/promotions/psg-show/vr-sony-playstation.png HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 17438
last-modified: Fri, 29 Sep 2023 09:29:23 GMT
etag: "1c6e5c2b9529131b38b28ebce9924aff"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/headliner-bg-1680.webp | 185.244.209.62 | | 4.5 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/headliner-bg-1680.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 270x515, Scaling: [none]x[none], YUV color, decoders should clamp Hash3f755da7ceb41220db11ebaa5b8459ad 1344105c0033d364382eff3c731efcc2eba1f165 0d9841c507abf42c3340b85148af9d293e70e1908c0a34036b8d9392eb6aff1f
GET /genfiles/cms/1/desktop/promotions/psg-show/headliner-bg-1680.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 4450
last-modified: Fri, 29 Sep 2023 09:27:26 GMT
etag: "3f755da7ceb41220db11ebaa5b8459ad"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:22:13+00:00
traceparent: 00-79e5ff68cca8ddfc3c4a67ac5a83154b-c2a23f1f88965fa0-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/apple-watch-series-8.png | 178.253.29.51 | | 19 kB |
URL 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/apple-watch-series-8.png IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typePNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash8e14de19ca430b5166470b4ff28b756a a14a8cb05a713edde4bc23e3cc7ad0e1e646fe40 b002baad13ab127fdc3187debedb5bd7e29b15867f13324cf09786bd4779dffc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1/desktop/promotions/psg-show/apple-watch-series-8.png HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 19280
last-modified: Fri, 29 Sep 2023 09:26:27 GMT
etag: "8e14de19ca430b5166470b4ff28b756a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/film-bg-1680.webp | 185.244.209.62 | | 211 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/film-bg-1680.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image Size211 kB (210870 bytes) Hash2e8367b0da22fa09834d3b8b69842e12 d90b597342717b22bcf24ac74883e01c9fda29e2 aeb06296d4d2cfb8cd55484d5e30797fad66c3db6d872b76c021e940c2459177
GET /genfiles/cms/1/desktop/promotions/psg-show/film-bg-1680.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 210870
last-modified: Fri, 29 Sep 2023 09:27:04 GMT
etag: "2e8367b0da22fa09834d3b8b69842e12"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-07T04:13:58+00:00
traceparent: 00-abcad687682aef18f10f4e111c61e960-6e3f6d78cac751d6-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/psg.png | 178.253.29.51 | | 24 kB |
URL 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/psg.png IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File typePNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash59e5e074e84b319c9a94bf6cb28098ef 644cff98da54d2cc508fdb39e508c48a269a8402 3eb9fe377abe2dc61eaaeafdf4bf7c0437a3bc45aecce201026765a57a4a0491
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1/desktop/promotions/psg-show/psg.png HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 24100
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "59e5e074e84b319c9a94bf6cb28098ef"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/film-bg-1680.png | 185.244.209.62 | | 224 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/film-bg-1680.png IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typePNG image data, 1488 x 3709, 8-bit colormap, non-interlaced Size224 kB (224381 bytes) Hash28ee957fcd831d7e1a46062928b0f1d2 2ff4aa2998873ba3f6594ece01929580b91e8e47 797ee8104fbc70f3a8ff151803b2d61b2999923805e57dff56e9810542f6a3ec
GET /genfiles/cms/1/desktop/promotions/psg-show/film-bg-1680.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 224381
last-modified: Fri, 29 Sep 2023 09:27:03 GMT
etag: "28ee957fcd831d7e1a46062928b0f1d2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-07T04:13:58+00:00
traceparent: 00-fd031ebc05057fdb84cd940fade2a233-90adcda8f4abaa4a-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/promocode.png | 178.253.29.51 | | 21 kB |
URL: 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/promocode.png IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash: 4a393eebed595bf98c03420e83c7d3ba d09243afabdfdf5a1cfe151495352ede4863e45d b6df7cf04747040672220961edfcf04d72d6cd29135462324d38badd02095bfb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1/desktop/promotions/psg-show/promocode.png HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 20657
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "4a393eebed595bf98c03420e83c7d3ba"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/jbl-1-branded.png | 185.244.209.62 | | 10 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/jbl-1-branded.png IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: PNG image data, 200 x 200, 8-bit colormap, non-interlaced Hash: dcaf782a6dae6da45ccf22459338c606 c01b68c61045cb97c68bfa892f11a5a5d3fb0eea d80d86da7a7ac2c1561ea02a122a8e686fdf2ee0c2892b23454a8ae32f3be72b
GET /genfiles/cms/1/desktop/promotions/psg-show/jbl-1-branded.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 10138
last-modified: Wed, 28 Feb 2024 15:26:58 GMT
etag: "dcaf782a6dae6da45ccf22459338c606"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-02T16:04:57+00:00
traceparent: 00-afea470b79dc01afe2770607fa31bd6f-09074e2421a06c70-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/promocode-blue.png | 178.253.29.51 | | 21 kB |
URL: 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/promocode-blue.png IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash: 903e24ad75082b52b1d3ec519013f0aa 5f10f1f0c7de7588d2666c140ca95cd39ce76dcb 5bee759b2560212bfe5cee7c7b6324042bf24d6d8b07fa89e85afa00f16b712b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1/desktop/promotions/psg-show/promocode-blue.png HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 21322
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "903e24ad75082b52b1d3ec519013f0aa"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg.png | 185.244.209.62 | | 24 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/psg.png IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash: 59e5e074e84b319c9a94bf6cb28098ef 644cff98da54d2cc508fdb39e508c48a269a8402 3eb9fe377abe2dc61eaaeafdf4bf7c0437a3bc45aecce201026765a57a4a0491
GET /genfiles/cms/1/desktop/promotions/psg-show/psg.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 24100
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "59e5e074e84b319c9a94bf6cb28098ef"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:30+00:00
traceparent: 00-395bcfcc3c4557f739e35feade8b160a-2540675f8540667b-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/ball-psg.png | 178.253.29.51 | | 59 kB |
URL: 1xlite-461430.top/genfiles/cms/1/desktop/promotions/psg-show/ball-psg.png IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash: f668fbcbdf0cb6825446d3064760eef9 4c6d63fb36142bcec5348ac1eec6310665f01029 aa034483b33f8a689645d5ca1100f996db0a71422680a09ecf37d62cfc353227
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1/desktop/promotions/psg-show/ball-psg.png HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 58785
last-modified: Fri, 29 Sep 2023 09:26:49 GMT
etag: "f668fbcbdf0cb6825446d3064760eef9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-psg.png | 185.244.209.62 | | 59 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/ball-psg.png IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash: f668fbcbdf0cb6825446d3064760eef9 4c6d63fb36142bcec5348ac1eec6310665f01029 aa034483b33f8a689645d5ca1100f996db0a71422680a09ecf37d62cfc353227
GET /genfiles/cms/1/desktop/promotions/psg-show/ball-psg.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 58785
last-modified: Fri, 29 Sep 2023 09:26:49 GMT
etag: "f668fbcbdf0cb6825446d3064760eef9"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-01T15:38:22+00:00
traceparent: 00-643f34c1f74d80e91d365cc5f1481378-4cb1dce610836538-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=UA-131019888-1&l=dataLayer&cx=c | 142.250.74.168 | | 71 kB |
URL: www.googletagmanager.com/gtag/js?id=UA-131019888-1&l=dataLayer&cx=c IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (1822) Hash: 6af1626e76e912c57701e4079309e37b b41168e06b4e3520ef97fda1ec39e357238723ae 81b5a4e499f29e308db5067c05d0aa8193053eef363ab8b0c8bca7a2d6a363b1
GET /gtag/js?id=UA-131019888-1&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 04:19:45 GMT
expires: Tue, 07 May 2024 04:19:45 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 70806
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/promocode.png | 185.244.209.62 | | 21 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/promocode.png IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash: 4a393eebed595bf98c03420e83c7d3ba d09243afabdfdf5a1cfe151495352ede4863e45d b6df7cf04747040672220961edfcf04d72d6cd29135462324d38badd02095bfb
GET /genfiles/cms/1/desktop/promotions/psg-show/promocode.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 20657
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "4a393eebed595bf98c03420e83c7d3ba"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T07:51:30+00:00
traceparent: 00-e7d372a054692fe2e54402c3cad39e86-3cb8a6ab7c3dae66-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/apple-watch-series-8.png | 185.244.209.62 | | 19 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/apple-watch-series-8.png IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash: 8e14de19ca430b5166470b4ff28b756a a14a8cb05a713edde4bc23e3cc7ad0e1e646fe40 b002baad13ab127fdc3187debedb5bd7e29b15867f13324cf09786bd4779dffc
GET /genfiles/cms/1/desktop/promotions/psg-show/apple-watch-series-8.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 19280
last-modified: Fri, 29 Sep 2023 09:26:27 GMT
etag: "8e14de19ca430b5166470b4ff28b756a"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-05-01T15:38:20+00:00
traceparent: 00-c250ea5681241aa818033088651c81f0-d86ae6813723c6ff-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/acer-predator-p03-630.png | 185.244.209.62 | | 31 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/acer-predator-p03-630.png IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash: 5f723bf29dbf9171fc7cb5686dfd294a e36cd5bedbd1abcf36275e328a4f225028219360 aeb72e81126defd5e50330f00536a20fbb62f021b669f3e1ff79a02783b8ce0b
GET /genfiles/cms/1/desktop/promotions/psg-show/acer-predator-p03-630.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 30719
last-modified: Fri, 29 Sep 2023 09:26:26 GMT
etag: "5f723bf29dbf9171fc7cb5686dfd294a"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-05-01T15:38:20+00:00
traceparent: 00-d27796ee53bd59b7c9cb2bc0e516f857-682bdbd9bd3cee64-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/promocode-blue.png | 185.244.209.62 | | 21 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/promocode-blue.png IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hash: 903e24ad75082b52b1d3ec519013f0aa 5f10f1f0c7de7588d2666c140ca95cd39ce76dcb 5bee759b2560212bfe5cee7c7b6324042bf24d6d8b07fa89e85afa00f16b712b
GET /genfiles/cms/1/desktop/promotions/psg-show/promocode-blue.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/png
content-length: 21322
last-modified: Fri, 29 Sep 2023 09:28:32 GMT
etag: "903e24ad75082b52b1d3ec519013f0aa"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:30+00:00
traceparent: 00-782f265f2b824a3a5bd2d24c3d84066b-dddb2f1844663409-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/samsung-galaxy-tab-s9.webp | 185.244.209.62 | | 2.9 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/psg-show/samsung-galaxy-tab-s9.webp IP: 185.244.209.62:0 ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image Hash: 6adafe42a263e82703a78b468ea84569 ba7f7df77432bf76ea8eb696553f32594cc490b7 4daf9815911125213545ceb1185891ec57177fa9c4637112c0202aa2edc1800c
GET /genfiles/cms/1/desktop/promotions/psg-show/samsung-galaxy-tab-s9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: image/webp
content-length: 2936
last-modified: Fri, 29 Sep 2023 09:28:43 GMT
etag: "6adafe42a263e82703a78b468ea84569"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:51:22+00:00
traceparent: 00-805e0e4b1fd2c32110de0cd2ffee564c-b1149495e3ffc1a1-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json | 178.253.29.51 | | 884 B |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: c2eb16bc46aea587d16e3eb8bff889ad ed5e1e8dfaf6a7f9d067aed73191d522d71f6510 37c40a123ec6f4f9ebd9f26e2ccb1df2cfbfb98cee84ec03bb6153e6351590b9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
content-length: 884
last-modified: Thu, 31 Aug 2023 12:36:01 GMT
etag: "c2eb16bc46aea587d16e3eb8bff889ad"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json | 178.253.29.51 | | 473 B |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: e67aa19ef00fd2285c7b4ecbb6018306 5b01d4786d6fbfbd5de7901eb4359a55466f434a 135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
content-length: 473
last-modified: Tue, 06 Jun 2023 13:22:27 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json | 178.253.29.51 | | 846 B |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json IP: 178.253.29.51:0 ASN: #202492 Silverhill Group Holding Ltd
Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 730bd58f457e46b6ac3b9f6028a8e162 79d4e964a4de0e58973705ff75bd01d22dd163e5 e167d372543fa4e7e3b4c8a17f67dbfb6a60adc1371ae5c7e7e8ebff97829485
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
content-length: 846
last-modified: Mon, 07 Aug 2023 13:49:51 GMT
etag: "730bd58f457e46b6ac3b9f6028a8e162"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json | 178.253.29.51 | 200 OK | 167 B |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json IP: 178.253.29.51:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp Certificate Issuer: Let's Encrypt Subject: 1xlite-461430.top Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 03158ff80c6e448da55d5672eb032b77 fc39a273b30415c7431f21fecdc4a5bf2694c7e2 e584a61ab508b69c5b9a4ab2e4dd86e3b7e7094547c4739d048ab1f639a8025c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
content-length: 167
last-modified: Tue, 22 Aug 2023 06:44:19 GMT
etag: "03158ff80c6e448da55d5672eb032b77"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ab7b4a1bc60033d1ee0be64d0074e4b0.json | 178.253.29.51 | | 976 B |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/ab7b4a1bc60033d1ee0be64d0074e4b0.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash5004f1883be9a4a8985c93b9323311d3 3d2a8c62126da89fd84c27b59e816d27a3862e07 af74469643e07baba128bf91fdd87f0f255c8503fae04cb3d17961b600f0617d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/ab7b4a1bc60033d1ee0be64d0074e4b0.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
content-length: 976
last-modified: Wed, 07 Jun 2023 08:08:57 GMT
etag: "5004f1883be9a4a8985c93b9323311d3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6cedaf252b67d0dbabeecb596db64871.json | 178.253.29.51 | | 836 B |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6cedaf252b67d0dbabeecb596db64871.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashb26a415353b83bc6b08c1cdab5caee2f 85c655b0c74e2a3f6bef230062f2dff910fc6e4e 5a17c23c2edc35555f543a1b5cc623d99383b384d0577d20352c1073439ef663
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/6cedaf252b67d0dbabeecb596db64871.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 02 Feb 2024 08:24:16 GMT
etag: W/"b26a415353b83bc6b08c1cdab5caee2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7V60YW2S5H&cid=1178615824.1715055585&gtm=45je4510v893859730za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1787360786 | 142.250.74.131 | | 42 B |
URL www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7V60YW2S5H&cid=1178615824.1715055585&gtm=45je4510v893859730za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1787360786 IP142.250.74.131:0
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7V60YW2S5H&cid=1178615824.1715055585&gtm=45je4510v893859730za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1787360786 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 04:19:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4e38cdf2b5d77aba4fb2630db5d13097.json | 178.253.29.51 | | 3.1 kB |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4e38cdf2b5d77aba4fb2630db5d13097.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash00016d59394dbec5ec0fb1cc7cc87f70 ac61517dc4d77edd46e06aa66dca8b47e21fc64a d8a350d41a5611bf32b7c03888b7bd9921eb2b016760c22d95fd5f6cb0c2e8ec
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/4e38cdf2b5d77aba4fb2630db5d13097.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 25 Mar 2024 15:12:10 GMT
etag: W/"00016d59394dbec5ec0fb1cc7cc87f70"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json | 178.253.29.51 | | 543 B |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash2f999350fc2eea344d910e8a01de406d bcfeaa8fadc7ca87115d7e36c955bd0df504b8ad c73c55fa3a522662241013a108e6043dd4cde3fbfa2be0ed4a4940582e26ed36
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
content-length: 543
last-modified: Thu, 29 Feb 2024 14:14:28 GMT
etag: "2f999350fc2eea344d910e8a01de406d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json | 178.253.29.51 | | 822 B |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashbe781196159e458a9a157a93f6981363 54b5bb6ddb54aefb6dc1eeeab89afdf48079e959 71bf1763541ee0d4298863f03c291b09029668d448e8077518717b8810ac910f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
content-length: 822
last-modified: Mon, 08 Apr 2024 09:13:00 GMT
etag: "be781196159e458a9a157a93f6981363"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json | 178.253.29.51 | | 499 B |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashe3d17d66f9e675ca9273e04470203275 e676da597ad577652921e9af98e79b986ec158ae 5c26acb3823aedc062268da24385061135d42171888bb5f5a0a8f63ba09c67d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
content-length: 499
last-modified: Mon, 05 Jun 2023 14:13:26 GMT
etag: "e3d17d66f9e675ca9273e04470203275"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/api/v3/promotions/amounts/convert | 178.253.29.51 | | 1.2 kB |
URL 1xlite-461430.top/web-api/api/v3/promotions/amounts/convert IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashe6eda5818f119a0a7bcb456f2b5f28ac 7e90d4689448aba15e1088c49a7f8781241b58e9 a527a910cb89f1016fcaa706276170a15487619ed4435fea6711122b510c3d9d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /web-api/api/v3/promotions/amounts/convert HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 712
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=18, dt_total;dur=19.175, wf-uht;dur=0.040
traceparent: 00-82982da0b323e07386298409c5d10357-0d33ae1460aa5339-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json | 178.253.29.51 | | 958 B |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash24ec1c171afe6836881e2fba1ed559a0 588a08d22de446d484f8f51402994f37ff2527c2 a0c14f5476683e6eb7381c1820c0e914c02911ab9d24170e61548e661017f96f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
content-length: 958
last-modified: Tue, 18 Apr 2023 10:33:32 GMT
etag: "24ec1c171afe6836881e2fba1ed559a0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json | 178.253.29.51 | | 184 B |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash36777c63209967831ddd2926e229b69b 7a59de3bd5fd0406a1becbd4fc6bdb49a996a0fa c2087429233dc14f1ad96cf9b7d1f4ecf0f32fabab7fc37999644a488d10dbc2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
content-length: 184
last-modified: Thu, 09 Nov 2023 06:22:56 GMT
etag: "36777c63209967831ddd2926e229b69b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6383baf4fc61037b3c4990e9b55f947b.json | 178.253.29.51 | | 643 B |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6383baf4fc61037b3c4990e9b55f947b.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash5964e3e4fd5fa89ee9aee228e1572aa9 a2496d82f9dd777e1095c853e4fe281f33ce131f 6483a840daa604ea63da72f2defeb1cc09e4e4ee09243966f7d7ba49e351e940
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/6383baf4fc61037b3c4990e9b55f947b.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 05 Dec 2023 11:58:07 GMT
etag: W/"5964e3e4fd5fa89ee9aee228e1572aa9"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/bonus-api/category?currency=NOK&language=en | 178.253.29.51 | | 387 B |
URL 1xlite-461430.top/bonus-api/category?currency=NOK&language=en IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash8ec12807e20d04415b577d36b6ade9e7 e76d2f9a22e9aa0d82238039ecdfa070bc2c0849 af862004a1cd5475f9da3519dd75dc54b871797e0ed59fed4c839dce1fd9332a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bonus-api/category?currency=NOK&language=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
content-length: 387
cache-control: no-cache, private
server-timing: p;dur=118.37601661682, dt_total;dur=120.425, wf-uht;dur=0.128
traceparent: 00-64d0a74efb94494d6ef69537913a438a-1e20856b96e1d1ba-01
x-dt: 285
x-request-id: ae141742988bd6dd97a4c1cabfefed82
x-time-ng: 0.120
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/12d8ee2576692fff036a68507fb52970.json | 178.253.29.51 | | 2.0 kB |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/12d8ee2576692fff036a68507fb52970.json IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash38f190a4cb1989aed041659da0a372aa eec181f8bddbf93e43c35f7718b3f9dac029bab6 cd2726700d70053e8bc5c7a2c24930598c56856147745eb208722586a17eb6f4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/12d8ee2576692fff036a68507fb52970.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 14 Mar 2024 18:43:34 GMT
etag: W/"38f190a4cb1989aed041659da0a372aa"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json | 178.253.29.51 | | 1.8 kB |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json IP 178.253.29.51:0 ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 338264fc869e8f0b86b0d6c9d92102b0 83b4d35816df0e1486b766251e74d23f28b77824 015355a44429f40dd63b566dd1e9b1b76af3dfa28dcd25a43e82820ba0847b8d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 02 Feb 2024 08:33:56 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/bonus | 178.253.29.51 | | 30 kB |
URL 1xlite-461430.top/web-api/bonus IP 178.253.29.51:0 ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 7ae4e8cce7a1e0cb747eec504d0b9a56 c1774de52d91fe890499d94c6dafcaf32a032fde 9ec5756188b32c1bd163ae843df891cd6c73433c7429d06cfddb4f34528a77e6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/bonus HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=336, dt_total;dur=349.886, wf-uht;dur=0.359
traceparent: 00-7fa8eaeb15c29740c5cb3c5cd2109173-1ab852748a3e034a-01
x-dt: 285
x-time-ng: 0.342
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.webp | 185.244.209.62 | | 30 kB |
URL v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 905dd1d3172673fc22a835b1cf858948 61c67b62dfcbacb5bd6698d0c2bb154cf7405615 36db7919d6f4f2770823e140becedb8d983a4b0ce1048e0c12cd2557bf668e8c
GET /genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 29872
last-modified: Fri, 12 Apr 2024 12:30:49 GMT
etag: "905dd1d3172673fc22a835b1cf858948"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ddd358c14e504e3a08756a030aa57fe5-0c853ea0140d097f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T15:01:22+00:00, 2024-05-07T03:23:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json | 178.253.29.51 | 200 OK | 11 kB |
URL GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json IP 178.253.29.51:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 4ceca6711e35f002e5d82e7e710000c1 1bd282f8a354b362b4a860ef3fa2fb915f9211a8 cbb3ecf2ae1465a5d387c3e4582a5bafa1368c96db6ad3cdef0951a363dd9f0d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 06:25:42 GMT
etag: W/"4ceca6711e35f002e5d82e7e710000c1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.webp | 185.244.209.62 | | 9.5 kB |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash e74e38a96e2b86b49bce5a4ecdb2e456 8ed3fce32fa8d91d39bd0bb642e3c45516d8a9eb f7ca5371dc68183854f2893aa3d99bba1e080f3b2d6146a99e7561f9b79dbe87
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 9528
last-modified: Fri, 12 May 2023 09:54:31 GMT
etag: "e74e38a96e2b86b49bce5a4ecdb2e456"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5d3c438cb866ab746f19222f580fbc37-f745494cd46027c5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:36:29+00:00, 2024-05-07T03:45:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.webp | 185.244.209.62 | | 22 kB |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 39d1dc105345cff4c37199d4ae2857d4 dbeba1282f82a8fbca0045713fee8bf48bd58098 6085511f9d0d73ae4e466fc3392ddad94f271750d945bde6b5abb4143d86d9e9
GET /genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 22154
last-modified: Mon, 15 May 2023 10:48:41 GMT
etag: "39d1dc105345cff4c37199d4ae2857d4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e7675e39d863cf2a489750c412af7d2e-46ccc2edfb5c4a6b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:27:22+00:00, 2024-05-07T04:18:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.webp | 185.244.209.62 | | 44 kB |
URL v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 820c2301c27f8e114d81fccc88c8cbee 247adbb42e4149425c90a98095b859347c016ff1 22c6ceb46195434759afbbe5f799723d4cf658d22d312fb7f194c88782a2cda4
GET /genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 44068
last-modified: Sat, 13 Jan 2024 19:54:13 GMT
etag: "820c2301c27f8e114d81fccc88c8cbee"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5c6d0f244736bd2e33750dd7bedd3dd3-e485957ebfce453f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-14T09:54:27+00:00, 2024-05-07T03:24:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json | 178.253.29.51 | | 33 kB |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json IP 178.253.29.51:0 ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 5f6393bd6febc268d33cb235c7eec194 819eb4409582bcea038e527fd5859dde2d13e0e7 9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 06:21:55 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.webp | 185.244.209.62 | | 48 kB |
URL v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash a0339a106d8746d304f69e1b730d2b13 3f2b1c54fda62bd6acad6c8e818ca9b0a242ca4c 0f595c354ed2f9e32665d208359fdc786b20358164171744db96644051e49f4d
GET /genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 48058
last-modified: Tue, 28 Nov 2023 14:15:19 GMT
etag: "a0339a106d8746d304f69e1b730d2b13"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-609af1dfb9044500ab11eb4970d7ff1d-5c78482fac8babe6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T09:03:01+00:00, 2024-05-07T03:36:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.webp | 185.244.209.62 | | 108 kB |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image Size 108 kB (107976 bytes) Hash 314b18cfe996f7ac145db7d302dcf1b3 cf49cfe63d75c447b4da918bd06d8938584edbfa cd0f72608f9e60537a3a489e47cc2c2718e23837bd24f1dc502d110ccef6bd3c
GET /genfiles/cms/1-285/desktop/bonus/rules/become-legend.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 107976
last-modified: Fri, 01 Mar 2024 08:28:39 GMT
etag: "314b18cfe996f7ac145db7d302dcf1b3"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8502d39ae9ac72150630c8def3d2c0dd-0b937ffee1a62142-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-01T11:44:46+00:00, 2024-05-07T03:45:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg | 185.244.209.62 | | 52 kB |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type gzip compressed data, max speed, from Unix Hash 533b7fc4a6904a01ec8344de0dc195c9 d256f0b09c970231cdd332c260da86116467d205 414511443a4fec4cb7558059ac9f21f5b6e2caef11c60d722fae43fb58e71014
GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:40 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-377af667f0e7b1e5c7e64098a2747f32-623b19da5e167024-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-05-07T03:53:59+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/external-api/promotions/psg-show | 178.253.29.51 | | 51 kB |
URL 1xlite-461430.top/web-api/external-api/promotions/psg-show IP 178.253.29.51:0 ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/promotions/psg-show HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/promo-frame/en/promotion/psg-show
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 403 Forbidden
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=27, dt_total;dur=28.619
traceparent: 00-365309979e187d7b6885590c36a4072e-4c7d2d3dbce14503-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.028
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.webp | 185.244.209.62 | | 16 kB |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 8842d3a0770dc1fa54e2eb4283de9291 5ddc91173e4cf4609f607bac9936a845ffe727f1 15abd87aa7b3db6da681f7912a472c23de1a259e889738db3b1df24c4d2707a3
GET /genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 16192
last-modified: Mon, 02 Oct 2023 07:53:39 GMT
etag: "8842d3a0770dc1fa54e2eb4283de9291"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8a1c43ab7b338de70b5ebddd84b2fd9e-339175751156b0ab-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-05-07T03:45:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.webp | 185.244.209.62 | | 118 B |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type HTML document, ASCII text, with CRLF line terminators Hash b58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5a274aca81759095dc0e2ed125d119ab-6986004a338e5973-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.webp | 185.244.209.62 | | 41 kB |
URL v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash db450552e670bbdad66544b69eb363d9 3cd2f0307c9b7bea0b94cd9337a5cdcf6e396250 dd7368b9f4913ae02e5d49cda2d67a56197e3a92537486470d93de634be5273d
GET /genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 41040
last-modified: Mon, 26 Feb 2024 09:18:12 GMT
etag: "db450552e670bbdad66544b69eb363d9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0238f424e532ca42d7645b01faa101bf-ef51a1d1d1273995-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-26T11:22:28+00:00, 2024-05-07T03:45:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json | 178.253.29.51 | | 41 kB |
URL 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json IP 178.253.29.51:0 ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt Subject 1xlite-461430.top Fingerprint F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 Validity Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash 269ccea9c3f07d37d497b4911e5d6e0b f2cdc5da71758c8d07c2001d17ffe6ca31dccaa0 6b993b69b051271a06e7926be8f63fcdb0923cfad186c57c34320421721dabc6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/335c890fd105e47c6a63cd5ca164e8ba.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 14:59:39 GMT
etag: W/"269ccea9c3f07d37d497b4911e5d6e0b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.webp | 185.244.209.62 | | 12 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 9a12fd308fdcacc0adb16d2476e2efe9 fac9675ec0a1041f757f11413fe0c359edd0b141 f7da0fac7df7744f1812cebabe061252bf8e8cb786e066ad76b48f96f1a17b64
GET /genfiles/cms/1-285/desktop/bonus/rules/birthday.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 11684
last-modified: Tue, 11 Apr 2023 17:52:19 GMT
etag: "9a12fd308fdcacc0adb16d2476e2efe9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1ad951d26547cad6bc71372b1dd0ac9f-35096574dafa8fd5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:15+00:00, 2024-05-07T03:45:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json | 178.253.29.51 | | 471 B |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: f117f2ecd3a10db0e2d79159b68fcf2f c3477f016b8a8001b765835b30c64ef6f6a37c95 59d4508907da1d618732422129b741f7288c7b344d0d0d6236f16e16c0bc257d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 26 Jun 2023 07:10:34 GMT
etag: W/"f117f2ecd3a10db0e2d79159b68fcf2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.webp | 185.244.209.62 | 200 OK | 26 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 76f4f94caeacb3ea3e799f76517c2e77 e4532a2e775a346d81f16c0964b9bfc8cb679842 ac636f011f118593e402c29660bda51edb682670d22b82ca018d05faf7f1e18d
GET /genfiles/cms/1-285/desktop/bonus/rules/express.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 26210
last-modified: Fri, 12 May 2023 08:45:56 GMT
etag: "76f4f94caeacb3ea3e799f76517c2e77"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-11e2d4f8ff0e5f3508db9c24ab40c025-cf59d37f7a2af0ea-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:15+00:00, 2024-05-07T03:45:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json | 178.253.29.51 | | 39 kB |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: becb2e7c22d23ed7b8c378c346c643f1 0b4c891625b0a2b9b528309353d7f614dd6c7b3b d30163973a6fb0b5e99419860a2b5c37a83887cacd08115b71032b1b40220edb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 07 Mar 2024 10:41:59 GMT
etag: W/"becb2e7c22d23ed7b8c378c346c643f1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.webp | 185.244.209.62 | | 62 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 315x250, components 3
Hash: 5aaddf2c56dd3132a3eb40fd514309c6 74dc6650e0bc516bbefbe1da71fb5e0243e69191 5989764a0ab5e33ea4d229993ff2842fc8d9fe15e6a7ab42de32fc326e28b1c2
GET /genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: application/octet-stream
content-length: 61571
last-modified: Tue, 11 Apr 2023 17:52:34 GMT
etag: "5aaddf2c56dd3132a3eb40fd514309c6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a0e5919d2c2d2184b61f6636c90c7e09-67e42e9226132fde-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:39:07+00:00, 2024-05-07T03:45:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.webp | 185.244.209.62 | 200 OK | 27 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 0380f55e7529165ae4d1a7711a856e71 62fe2f40e9e20f52c357e54ee693c76bde7f9687 bd318ab4b3134965f5cdc86b6b7b1ef2fd107b2e8607d20a9fbbbf26c9336d89
GET /genfiles/cms/1-285/desktop/bonus/rules/loss20.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 27102
last-modified: Tue, 16 May 2023 09:12:24 GMT
etag: "0380f55e7529165ae4d1a7711a856e71"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9a20f229b4bdee6cf36a2cade6b4a8f5-6a674bdbcadb7e26-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:15+00:00, 2024-05-07T03:45:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.webp | 185.244.209.62 | | 12 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 320x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 23cdbdab7f6c29d23a3ae864fa3f3d4e 043bafd75f65788716a5be5856ec40299e0ec346 61c7198b963bf41030704724217c3faa3fe4450d7786b18af8782daf6e5dcafc
GET /genfiles/cms/1-285/desktop/bonus/rules/percentage.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 11590
last-modified: Thu, 22 Feb 2024 07:23:11 GMT
etag: "23cdbdab7f6c29d23a3ae864fa3f3d4e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7009780dd54b9332369f233dbdc6c03b-dead8f1e59d94ea3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-22T09:05:18+00:00, 2024-05-07T03:45:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json | 178.253.29.51 | | 8.0 kB |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: dfe0c8d8abf7084df9e624f1f4065e59 6cbd38545e7ff3ee00aca5c80f5eb9847da631b5 e596939ede2be48722c636d78de1ec21e3ab6b65a7d86044ea2cff3fe3e8897f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/631f900db751ade3379a9ff0d7c00b5c.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 18:28:29 GMT
etag: W/"dfe0c8d8abf7084df9e624f1f4065e59"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.webp | 185.244.209.62 | | 12 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: bbd5effd93dd90aeb3587a33e4976b44 13b331c36e7b5a6e7eaee9fabeaa89efc668af89 ab5e828e09e0e3598e23d4570ec7c4c0e66573de6edda8a103b24c16df63f1c1
GET /genfiles/cms/1-285/desktop/bonus/rules/beatus.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 12142
last-modified: Fri, 30 Jun 2023 07:38:24 GMT
etag: "bbd5effd93dd90aeb3587a33e4976b44"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b75391f967bde3258d82a56517d76ff5-a4445ab347b41e54-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:04:50+00:00, 2024-05-07T03:45:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.webp | 185.244.209.62 | | 12 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: bf8cbebb37d6522d39bbb5d6c5d736bf 7dc6cdccb164a0b098f2d9d1f137818f5f38241a 84fd6d05039b9501f02f89baada0ade73918cbc8a65cf09eac1ad95bbccc27ca
GET /genfiles/cms/1-285/desktop/bonus/rules/champions-season.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 11908
last-modified: Wed, 06 Sep 2023 12:28:01 GMT
etag: "bf8cbebb37d6522d39bbb5d6c5d736bf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a6940689ff72296c894db13f58149bb5-43783a7a3cc1a0a9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-05-07T03:45:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json | 178.253.29.51 | | 6.1 kB |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: b0a50f5239a6ca38097f89684eae43e4 9610ba54f85b3199d09ccbaf5c3439cff43bf28a 5f96d5a91935d8a7f975d433db80afb8a995edc61ad2d8cbb0161b80dc7aec56
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 12 May 2023 15:17:16 GMT
etag: W/"b0a50f5239a6ca38097f89684eae43e4"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json | 178.253.29.51 | | 8.6 kB |
URL: 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-461430.top; Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91; Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 9e5da15e44d6b6bab0cfc7c07ba9495d 4a67254b45112089d0833028de0c9c81acb930a3 0d51ae7eaa1511001f9b8b562a49d1b55d177a655f26035364485f02d5384af9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Sat, 20 Apr 2024 09:17:16 GMT
etag: W/"9e5da15e44d6b6bab0cfc7c07ba9495d"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.webp | 185.244.209.62 | 200 OK | 26 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 3529a9950536352cadc5022231d76608 2883dfd254a6b2ac531e7749bd0986dd4c26b077 f9b9979b91624cafcb1f44cdf9b1a3926417ca700046a19466a94335ff8090cf
GET /genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: application/octet-stream
content-length: 26188
last-modified: Tue, 11 Apr 2023 17:52:28 GMT
etag: "3529a9950536352cadc5022231d76608"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-90b220dc8ac77029c5020f093196aea0-5b27cc280dffad38-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-05-07T03:45:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.webp | 185.244.209.62 | | 18 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image
Hash: 63ffabeefd0ba919618dbdfdd971c45a a4d6ad655ed680ca06e1f98509005b795f195885 c621e44eb52b43f859381b83442a80570ae098356ef5d581a77c84a4417a3671
GET /genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 18098
last-modified: Wed, 10 May 2023 13:36:26 GMT
etag: "63ffabeefd0ba919618dbdfdd971c45a"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3b7df60263684dc89206e84cf495948f-9b69a6022ea52982-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:17+00:00, 2024-05-07T03:45:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.webp | 185.244.209.62 | | 22 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: ce497bea4e8d6d98f39094d022ae36b6 412a148e5089893045cb686d35f78ad4f6c0d340 a4fd9bbb5a9e00896e0a9a07090f92797034fbba93193605f498f96ab04d1f28
GET /genfiles/cms/1-285/desktop/bonus/rules/esportsera.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 21674
last-modified: Mon, 24 Jul 2023 13:02:29 GMT
etag: "ce497bea4e8d6d98f39094d022ae36b6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e6f425e5c053a6b4899ec1b7dca61bba-8715ee92633254a2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-05-07T03:45:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.webp | 185.244.209.62 | | 20 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: ec7e490ee95bbfcbe0960d591252044e 5436d493fbcf370a21f5c3dde65d24d4fd535e9a 8d40342db2cb8b1792f7833eb91a9f7f29f8ce0a5136b2bb944b7e2d2db69722
GET /genfiles/cms/1-285/desktop/bonus/rules/race.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 19644
last-modified: Tue, 04 Jul 2023 07:12:14 GMT
etag: "ec7e490ee95bbfcbe0960d591252044e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-de63bb26edfa1f0f9e1c53a671a216f8-077479dbf8433b87-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:17+00:00, 2024-05-07T03:45:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.webp | 185.244.209.62 | 200 OK | 9.1 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: cf73cf5ee3883706242debc9d5f1c52e e071e466fff51b6bff7edf48405c959865bdbe28 53e6a25ee8451c110b3f96164a7917bb8e6f4dfdcf84ec373eebd5b4dc56d88c
GET /genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: application/octet-stream
content-length: 9094
last-modified: Tue, 11 Apr 2023 17:52:55 GMT
etag: "cf73cf5ee3883706242debc9d5f1c52e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f5695d993593b60d2bf27cf3541ae993-0632e9c8c46d3a1e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:39:07+00:00, 2024-05-07T03:45:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.webp | 185.244.209.62 | | 7.6 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: d11c77ea0b5452913b78f4119b5dc2a6 51bd74151949ed7bfc8b75c6ff5f06695bdd3501 54b074dd43034216f6d809fd57a81c5ed43a4cee62da841ac1041cc05394cd45
GET /genfiles/cms/1-285/desktop/bonus/rules/top-bins.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: application/octet-stream
content-length: 7550
last-modified: Tue, 11 Apr 2023 17:52:54 GMT
etag: "d11c77ea0b5452913b78f4119b5dc2a6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5f7ba003f177c966049afcb2070beee0-beb27d1f3222f340-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:40:49+00:00, 2024-05-07T03:45:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.webp | 185.244.209.62 | | 36 kB |
URL: v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 66f74329e9044a43bc6b2888ac7f293b a3c599085cb4fd80dca8fa060bc2bd888017696c 8b45e16513005aa85953e81f86b40a79f94badf081c76b3fc037c5d09993ea31
GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 35508
last-modified: Mon, 22 Jan 2024 16:34:45 GMT
etag: "66f74329e9044a43bc6b2888ac7f293b"
x-time-ng: 0.009
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0640dbbdef733c7807b89e08cecb60a1-e1c1fee502e67933-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-10T10:44:06+00:00, 2024-05-07T03:24:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store-slider.webp | 185.244.209.62 | | 30 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store-slider.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: fb26390b4171564fe0781859fcceda24 06a0c7a3a55e3c6b9a8e1e57727b3c669f322679 5463e432bd75c1aae1935b19c9965dbf5723c16b73fb5d8290e97b879d8364a7
GET /genfiles/cms/1-285/desktop/bonus/rules/promo-store-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 30198
last-modified: Fri, 12 May 2023 09:22:20 GMT
etag: "fb26390b4171564fe0781859fcceda24"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9fbccb0039e6cf22c269408072c63b32-8e7d1438690a2fd8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-22T02:30:36+00:00, 2024-05-07T04:16:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.webp | 185.244.209.62 | | 15 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: d1c9cf33b4078a369a2ec162bbc4ec00 8b3a2ec69ed7f3dc2bc597cd49cc4e149c016930 d1dd361e05319a43656238aeb770d4b179ac281cfcbacc4b1f250517fabb442f
GET /genfiles/cms/1-285/desktop/bonus/rules/toto-free.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 15338
last-modified: Thu, 29 Jun 2023 09:22:43 GMT
etag: "d1c9cf33b4078a369a2ec162bbc4ec00"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b8d8bf4b6eaa661aee45ab23a1506087-e19cd5fbbe6a512e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-05-07T03:45:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/945x370.webp | 185.244.209.62 | 200 OK | 80 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/945x370.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 9fa64a2876ca3248eebece61f020bbe3 4137b2e942470d844316b2b98841153004f796c2 85021bd78912bc1a5d3e09bd922698fc3f5e6d94d36124981015dd3ed036fb19
GET /genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/945x370.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 80336
last-modified: Fri, 12 Apr 2024 12:30:59 GMT
etag: "9fa64a2876ca3248eebece61f020bbe3"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-22501dd7954bb0f558aa6e889a674487-bd507156935920c7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T15:01:25+00:00, 2024-05-07T03:23:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp | 185.244.209.62 | | 118 B |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: HTML document, ASCII text, with CRLF line terminators
Hash: b58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4e3c4b2f5884f5a2fe70442d308fbaf7-6223d9dd16544b43-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.webp | 185.244.209.62 | | 34 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: c5774b63275f0389268a7e327d0f407a 81d2fb09c457cd65e2c215244ac5b281a3e6ce77 1099121afbbe2fb3cba7fbd6dd48e0cb8ffaf9191b02278dae692fbbba2a5f86
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: application/octet-stream
content-length: 34112
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "c5774b63275f0389268a7e327d0f407a"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:39:12+00:00
traceparent: 00-ffa664de44f082421de1890c744f27c1-50bf448a99f9115f-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.webp | 185.244.209.62 | | 118 B |
URL: v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: HTML document, ASCII text, with CRLF line terminators
Hash: b58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6db0fba3f1a416011c91178405cf5845-e1c07434f13a01b6-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.jpg | 185.244.209.62 | | 35 kB |
URL: v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.jpg
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x250, components 3
Hash: cd68f37caed4fce440617bbfbdc48ed4 ac29fc750245f98996007a7c3484616e10de90b9 0c6bf43c40794a7173623a812f89b868d62c1818e56d29090738cba910af316e
GET /genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/jpeg
content-length: 35001
last-modified: Thu, 07 Mar 2024 10:30:40 GMT
etag: "cd68f37caed4fce440617bbfbdc48ed4"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-adf7aacb57d033f1b3e6b8da884d3f2e-8558d67f96f12dae-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-07T10:30:51+00:00, 2024-05-07T03:24:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback.webp | 185.244.209.62 | | 6.2 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: c92bc7216404cb1bc46cad557d04a4b4 3ad6adb66ed52e54ef1d7adffaec4bf03f51d6df f652aafdaab581a7843ca7939067e4bacfb5c09255a6408c76644187470ca00b
GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: application/octet-stream
content-length: 6224
last-modified: Tue, 11 Apr 2023 17:52:56 GMT
etag: "c92bc7216404cb1bc46cad557d04a4b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c43512fbc4a0a836f2227f56122c6f26-b50ec9b76e7894db-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:06:08+00:00, 2024-05-07T03:45:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st.webp | 185.244.209.62 | | 11 kB |
URL: v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st.webp
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: a9a36fedcff872396a9f3c7f790713a3 b401c66a5f8b5ab3422964dc1df540bdee8897c8 af610352cfbaf762bac809c78a4cd3c768e412c9bf3a3e2a8f795cded58dc474
GET /genfiles/cms/1-285/desktop/bonus/rules/1st.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: application/octet-stream
content-length: 10554
last-modified: Tue, 11 Apr 2023 17:52:13 GMT
etag: "a9a36fedcff872396a9f3c7f790713a3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ba649bc70b254c0cf5a8db7b1e45494b-57b098696b97b8c2-01
x-id: osix-hw-edge-gc4
cache: REVALIDATED, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.jpg | 185.244.209.62 | | 35 kB |
URL: v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.jpg
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 945x370, components 3
Hash: 78c87f02eb2b93a8aecfe7683d746f02 8fbacfead73e116de04b6e60ad07235a993729f4 f2bbd2c04d7e8753dbe2fc0dc4db944b7fe0b5d4cf64f77bca765214846e206f
GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/jpeg
content-length: 35060
last-modified: Mon, 22 Jan 2024 16:37:04 GMT
etag: "78c87f02eb2b93a8aecfe7683d746f02"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-10T10:44:20+00:00
traceparent: 00-4520a2abdfeeda0daa25bd0fe6f11d94-74e2b05c73c65c64-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL: POST HTTP/2 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: 73a474520d20ffc12ab8f6e7195c2bd3 060ae9d685315e5403549b1451d4bb7399da9503 c5e15a930cb2c486d1e084097558fc4782642df3dfce6f2fdcc49fe81a780fe9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
Content-Type: application/json
X-Lang: en
X-Uuid: 56b307d1-f94a-46b4-83f0-3db5f9fd5136
Content-Length: 293
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/session | 178.253.29.51 | | 0 B |
URL: 1xlite-461430.top/web-api/session
IP: 178.253.29.51:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /web-api/session HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 07 May 2024 04:19:49 GMT
cache-control: no-cache, private
server-timing: p;dur=13, dt_total;dur=43.901, wf-uht;dur=0.051
traceparent: 00-5ac542c1a4b6de48cd8b082f142ec3f3-a49696a8294b847f-01
x-dt: 285
x-time-ng: 0.038
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/hd-api/external/api/web/v1/converslon/load | 178.253.29.51 | 200 OK | 79 kB |
URL: GET HTTP/2 1xlite-461430.top/hd-api/external/api/web/v1/converslon/load
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-461430.top
Certificate Fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate Validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 757f92adb2365f11a59e9203f367c838 f80f0c2ffe15a65258937e8dfaa90e433568bf50 43b3b55c3d344ecff072fef0868c0e245148ed3ff9cc242303a3c02b631b9e25
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:50 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-8e4efc77bcbf38fb8a95fd7a3f4f8e58-3d227ed6e46cf94e-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: d56bfaac8d3139df304529946e37fbfb
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=5.489, wf-uht;dur=0.014
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash: 6887b6f24414dbc612dbf42ccdc76b70 8068d3abfbc6cbf35b55919da45b1f4d2d136238 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:50 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-91ae756d08fa44cf5e7c35be03933c90-2bc5e22de3d526b4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T04:00:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 | 185.244.209.62 | | 65 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
File type: Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Hash: 3ac5d40d1b3966fc5eb09ecca74d9cbf a69f32357765dd321519889aeacba5e9ca893bb0 3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:50 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2ae9b442f14d1049e777eeeabfe8f385-5b34e0ab0fa85bcc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T03:36:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/api/web/v1/config/actualDomain | 178.253.29.51 | | 64 kB |
URL 1xlite-461430.top/web-api/api/web/v1/config/actualDomain IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashe90508cca101d9cb990de4c1ac272162 f2eff8d50f5d46fb966acd5ce6eae0e6928698f5 11d2a39f89bd0f2c2d4bce0007c223e73a00e54ac7423b3eff9ceec40b477e99
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:41 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=62, dt_total;dur=64.407, wf-uht;dur=0.076
set-cookie: SESSION=cef929b9a098eaa3d471c6ae63634a26; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-85bb81c9a86d3d5740cc26cf5dd2f781-221c7cc728b9255a-01
x-dt: 285
x-time-ng: 0.064
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 63748, version 1.0 Hash6887b6f24414dbc612dbf42ccdc76b70 8068d3abfbc6cbf35b55919da45b1f4d2d136238 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:51 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-78c6effba4cf18c9bbf8b9159f7d9d4a-f76ccec60604e4ee-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T04:00:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/web-api/api/v3/bonuses/first-deposit | 178.253.29.51 | | 65 kB |
URL 1xlite-461430.top/web-api/api/v3/bonuses/first-deposit IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash6c497f6fefa1ff03d2b3f026ca9ea1b2 67708749c2923ee8fb64f119bfe6601df89cc754 62d6341764aac9fa45a7c7c304e969a0408d60f679d5142d0faa28e178d132c2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=38, dt_total;dur=40.589, wf-uht;dur=0.053
traceparent: 00-8aedfbb4367c061f8fa2fff9cce6f4c3-a923f3933ecb8c09-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.040
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 | 185.244.209.62 | | 64 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeWeb Open Font Format (Version 2), TrueType, length 63920, version 1.0 Hasha65527fcb58f66a7cfbc0e6b160538b4 45d260e7fa343401b5bb0df982a014f53e2d253b fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:51 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-45ba079aaa9e28992b06d15cbb1d4c1a-e02f95aef2bed6c2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T03:27:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/hd-api/external/api/web/v1/j/fead509j986i0d90ae4879b48f156aeef3d194959b595c9f5be0 | 178.253.29.51 | | 514 B |
URL 1xlite-461430.top/hd-api/external/api/web/v1/j/fead509j986i0d90ae4879b48f156aeef3d194959b595c9f5be0 IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash5e2368afbafd7dcf11eca0b3486a07ec abfec689c10b59b971b2e81d4e4a4dacbca21d3b 2e877811f663c2e58d347dfb16a774b980892e75a72ddff89b514d531cbeef79
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /hd-api/external/api/web/v1/j/fead509j986i0d90ae4879b48f156aeef3d194959b595c9f5be0 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105916
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:52 GMT
content-type: application/json
content-length: 514
content-encoding: gzip
traceparent: 00-f448e48841d05f8b5834d68e52569600-22e96f4bf4c60057-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 278b074dcb13c6d64852d32234b55aa1
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=12.487, wf-uht;dur=0.037
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js | 185.244.209.62 | | 2.4 kB |
URL v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeJavaScript source, ASCII text, with very long lines (6444), with no line terminators Hash60f915b0daad3af04303726381897e81 133c20a7f58c18758483c23f595d5a4f22ba9371 320b5a7d25c926dc55eb7a53f4348bf7c34bd7f5bc6ad3bcd1d16029239dc3a1
GET /_nuxt/desktop/default/analytics-a8ae3276.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Thu, 02 May 2024 12:52:18 GMT
etag: "66338c82-982"
content-encoding: gzip
expires: Sat, 04 May 2024 08:41:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-304ee25be2210b55841c277a671d4a25-ba1ce80f964587f6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T08:41:45+00:00, 2024-05-06T09:22:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 | 142.250.74.168 | | 106 kB |
URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP142.250.74.168:0
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (10899) Size106 kB (105894 bytes) Hash342a7046761f9b2e52ea65f2096f41ad 71a59a7c638136c76cfb66274099d8f69a9f0927 96afc246def18f7cbd85e070c4b9514c5e6235f053ddeea4b4038bbc6b68c0f3
GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 04:19:52 GMT
expires: Tue, 07 May 2024 04:19:52 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105894
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V | 142.250.74.168 | 200 OK | 64 kB |
URL GET HTTP/3www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP142.250.74.168:443
Requested byhttps://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (1822) Hashadc06dcc8d063ad08a5dee28d441cbc4 0355f3cebac7f59a6e542c527d065a7a52c1e56f 040364fab6c5db15b3837800c7810232c99680bc5b53afb268240d5d9034adab
GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 04:19:52 GMT
expires: Tue, 07 May 2024 04:19:52 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64451
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| radar.cedexis.com/1/23802/radar.js | 45.54.49.5 | | 154 B |
URL radar.cedexis.com/1/23802/radar.js IP45.54.49.5:0 ASN#63911 NetActuate, Inc
File typeHTML document, ASCII text, with CRLF line terminators Hashcfbeaf604823f038b8b46f0ac862b98c 7b9eb1dac48e74fa5f418bc456cb410f88b81d98 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 07 May 2024 04:19:52 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Tue, 07 May 2024 04:29:52 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1178615824.1715055585&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=732668596 | 142.250.74.131 | | 42 B |
URL www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1178615824.1715055585&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=732668596 IP142.250.74.131:0
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1178615824.1715055585&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=732668596 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 04:19:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp | 185.244.209.62 | | 118 B |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeHTML document, ASCII text, with CRLF line terminators Hashb58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 04:19:52 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b8831c592436f416db60cdf818444887-9a12ee17a6e0e1f4-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st-slider.webp | 185.244.209.62 | | 18 kB |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st-slider.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp Hasha4b243f76ff572881d54d6d590fb7cdf dd97d6d98143012e8adecef2a7fad511f7b6c453 ea844aab8b34dab774ad139535dbdd01f9c3886736e241d34bc2088409ab1f10
GET /genfiles/cms/1-285/desktop/bonus/rules/1st-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:52 GMT
content-type: application/octet-stream
content-length: 18056
last-modified: Tue, 11 Apr 2023 17:52:13 GMT
etag: "a4b243f76ff572881d54d6d590fb7cdf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T09:34:29+00:00
traceparent: 00-b5aafc211f1cfeb070c8fdae055439b7-5f685c541978a033-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en | 178.253.29.51 | | 1.2 kB |
URL 1xlite-461430.top/bff-api/config/contacts.json?type=2&lang=en IP178.253.29.51:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hash5e57488ece417dfb2d0d023a6c9d0423 cc3add288721c1e6c3d3e9413fd0de50a9d38467 8da57ebaa0d0d6ecfbac547e80404973484e6cd38820bb8adfcde943511e4c28
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bff-api/config/contacts.json?type=2&lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=1280; SESSION=cef929b9a098eaa3d471c6ae63634a26
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=38.70, dt_total;dur=45.354, wf-uht;dur=0.053
traceparent: 00-5d27efbf118ec97adb37563c3e44711d-90e9690d8a8fc79b-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.045
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715055592342&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1178615824.1715055585&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715055592&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fbonus%2Frules&dt=1xBet%20bonus%20%E1%90%89%20All%201xBet%20bonuses%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=13228 | 216.239.34.36 | | 0 B |
URL region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715055592342&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1178615824.1715055585&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715055592&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fbonus%2Frules&dt=1xBet%20bonus%20%E1%90%89%20All%201xBet%20bonuses%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=13228 IP216.239.34.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715055592342&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1178615824.1715055585&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715055592&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%2Fbonus%2Frules&dt=1xBet%20bonus%20%E1%90%89%20All%201xBet%20bonuses%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=13228 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Tue, 07 May 2024 04:19:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.51 | 200 OK | 23 B |
URL POST HTTP/21xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json IP178.253.29.51:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp CertificateIssuerLet's Encrypt Subject1xlite-461430.top FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91 ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
Hashb4b21c471dd6a7700a31a5a311e6967d fdcdbeb61b0661ad4cdf998fadf4f6055133cd9e 15f85596073a1bde2ae03049c9995671da23691781d378a8b6b79798cea36603
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
Content-Type: application/json
X-Lang: en
X-Uuid: 56b307d1-f94a-46b4-83f0-3db5f9fd5136
Content-Length: 99
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585; _ga_7JGWL9SV66=GS1.1.1715055592.1.0.1715055592.60.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:53 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit-slider.webp | 185.244.209.62 | | 29 kB |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit-slider.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp Hash69e08eb4707e2b55f7a4b0d61b671acd ec908bf196e04dc6300a6eafe0a7f8154eaf134f a35c75862eabf6ecb98f298f765eedaa830e221cea1b1a3e2b1c5bc55dc9ef67
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:20:02 GMT
content-type: application/octet-stream
content-length: 29294
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "69e08eb4707e2b55f7a4b0d61b671acd"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-03-11T07:36:41+00:00
traceparent: 00-8f237df5dbf5c0d411d80324342afccc-664b4e568450eea8-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/sounds/new-message.mp3 | 172.64.148.184 | 200 OK | 30 kB |
URL: GET HTTP/2 widget.suphelper.top/sounds/new-message.mp3
IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Certificate subject: suphelper.top
Certificate fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Certificate validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Hash: ef9af24dc7dbd24ffd99c832e1300351 f78744a5013038446c468de14f205f2d52373fd6 5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9
GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 04:19:43 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
age: 1816
expires: Tue, 07 May 2024 08:19:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87fe69d3fe78568d-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.webp | 185.244.209.62 | 200 OK | 50 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 2eb5029e4de53b55ebbbcd6f2bc5f4d9 78e0d7382e7196ef120697bd25c86ce971cf1352 4f46fd0d8f32a4585f0c880fa91cbdfce37bc675c645a2d8e84210baba13440b
GET /genfiles/cms/1-285/desktop/bonus/rules/goalless-football.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 50494
last-modified: Wed, 06 Sep 2023 08:29:12 GMT
etag: "2eb5029e4de53b55ebbbcd6f2bc5f4d9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-34cd6f9f3a5fad7c0326791b15229b8c-ba03b3432cf7b767-01
x-id: osix-hw-edge-gc4
cache: REVALIDATED, HIT
x-cached-since: 2024-05-07T03:45:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json | 178.253.29.51 | 200 OK | 8.1 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (8926), with no line terminators
Hash: 33a8d84b65be76b07b379586ce0f30f4 d3c3a3a7c188444d7c25961a62149b97f9de1725 8cbf747c3e3ffa25baee745930d5855d78ec027e3e0c6e0bc69bfde8bc16aeaa
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:46 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 13 Dec 2023 14:46:07 GMT
etag: W/"a60fb63e7c35ba8cdb1d0851ff960b1b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2
|
|
| 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json | 178.253.29.51 | 200 OK | 3.1 kB |
URL: GET HTTP/2 1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json
IP: 178.253.29.51:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-461430.top
Certificate fingerprint: F3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
Certificate validity: Tue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT
File type: ASCII text, with very long lines (3458), with no line terminators
Hash: e020b60228a3739c141fef4208d28fe1 1644bdd97833c765f2d883cc5e9f77ce6c451b13 ea2f5cd3373a7c14995ee0e1bbd1cc12b003fc5944d2c58ecd55d987488d4539
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2Fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3294972m_1599c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3294972m_1599c_; postback_watcher=%7B%22tag%22%3A%22d_3294972m_1599c_%22%2C%22site%22%3A%223294972%22%2C%22ad%22%3A%221599%22%2C%22pb%22%3A%22f1312d69b5af41cc85d27527772a1085%22%2C%22r%22%3A%22promotions%2Fpsg-show%22%2C%22click_id%22%3A%221854_16641_123_11t_663102feebcbc_27x16641x34022803dd5%22%2C%22site_id%22%3A%2216641-n6lZ21yovp%22%7D; platform_type=desktop; auid=sv0dM2Y5q9wx6wDVAxl/Ag==; window_width=0; SESSION=cef929b9a098eaa3d471c6ae63634a26; che_g=f341e22b-9c76-e985-767b-202c316cd026; application_locale=en; sh.session.id=8169a9e9-e533-4fe5-a8b4-766cce2850b9; _ga_7V60YW2S5H=GS1.1.1715055584.1.0.1715055584.60.0.0; _ga=GA1.1.1178615824.1715055585
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:45 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 11:33:40 GMT
etag: W/"5696ef1b371a34f9ef6d91bde17f66e7"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.webp | 185.244.209.62 | 200 OK | 38 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 1d495d767fa8c94066d188431eb797e0 940bc07d4ac6fc836661b6e3d0860509de648b3b e6aff9ac6666aeef484341c417a21fcddc49f9488af30b03a20af0d1a722eb94
GET /genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 38184
last-modified: Wed, 10 Jan 2024 05:53:56 GMT
etag: "1d495d767fa8c94066d188431eb797e0"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-01-16T11:30:17+00:00
traceparent: 00-b975e4c2b7c02b7461072d7e5a1fc6e6-f6f9c38cc1bb89dd-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js | 172.64.148.184 | 200 OK | 3.8 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Certificate subject: suphelper.top
Certificate fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Certificate validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (3855), with no line terminators
Hash: 7288e202ab8e4cf1b7f60eed709e0986 c10effeb29bf129a7c81688b9f3a7d5485272e87 56e695b4675b50d55a92f006109771a67da822050f5ae03fd2ad02c1a9565b58
GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 553227
expires: Wed, 07 May 2025 04:19:42 GMT
server: cloudflare
cf-ray: 87fe69cffb79568d-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js | 172.64.148.184 | 200 OK | 37 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Certificate subject: suphelper.top
Certificate fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Certificate validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (36674), with no line terminators
Hash: 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3
GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 04:19:43 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"8f42-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 561571
expires: Wed, 07 May 2025 04:19:43 GMT
server: cloudflare
cf-ray: 87fe69d35e11568d-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.328/285/common.svg | 185.244.209.62 | 200 OK | 147 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
Size: 147 kB (146981 bytes)
Hash: 7bf3e9e7d79beac942f5e7748a3af2e6 7c6896ef647506806f2cdbe998d8c9eb845a1754 663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f
GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7f5e9bfec137ba3048eac23b93641524-cc6b8edc0d6a6ee4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-05-06T12:11:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js | 172.64.148.184 | 200 OK | 481 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP: 172.64.148.184:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Certificate subject: suphelper.top
Certificate fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Certificate validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 481 kB (480579 bytes)
Hash: 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c
GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 04:19:42 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 547667
expires: Wed, 07 May 2025 04:19:42 GMT
server: cloudflare
cf-ray: 87fe69d01b96568d-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js | 185.244.209.62 | 200 OK | 21 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (21232)
Hash: 598d5481ac96b9bf8013b0eb1413b8e5 cc7e3384da379a215ac43b2385e901e22ceb6327 1488ecc35389c72a3aa26d468420069f6b719db456ea82605762311da663b65f
GET /sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:42 GMT
content-type: text/javascript; charset=utf-8
last-modified: Sat, 04 May 2024 09:05:54 GMT
etag: W/"598d5481ac96b9bf8013b0eb1413b8e5"
x-amz-meta-mtime: 1714813304.849408028
content-encoding: gzip
expires: Sun, 05 May 2024 15:32:01 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6d3a6abd8516415fd98e9ad37fc5aedc-9ebc0b652e6252c1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T15:32:01+00:00, 2024-05-06T12:52:42+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.webp | 185.244.209.62 | 200 OK | 30 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-461430.top/en/promotions/psg-show?tag=d_3294972m_1599c_&site=3294972&ad=1599&pb=f1312d69b5af41cc85d27527772a1085&r=promotions%2fpsg-show&click_id=1854_16641_123_11t_663102feebcbc_27x16641x34022803dd5&site_id=16641-n6lZ21yovp
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 127f60172cf16911bf168a7fb61c7ccf 5224ba0a241715cf352c7ea5d2b54d9343cd5877 2c7adb7ce984529f91331d5f8c4d4709471b455e8275d9f8f0fcea7a1b641ee7
GET /genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 04:19:47 GMT
content-type: image/webp
content-length: 30120
last-modified: Thu, 04 Apr 2024 12:21:49 GMT
etag: "127f60172cf16911bf168a7fb61c7ccf"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9ea23d015f04a2875d19d1e6fa668592-84ada20f8f5da2f3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-15T09:12:58+00:00, 2024-05-07T03:23:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|