Report - 1xlite-446241.top/en?tag=d_131637m_14249c_[]MS[]null[]PB_WL[]general[]74406480_d27082_l192912_clickunder&pb=7cb13d3f9d3046d5bffca6ca03342b50&click

Report Overview

Visited public
2025-06-11 09:06:53
Tags
Submit Tags
URL
1xlite-446241.top/en?tag=d_131637m_14249c_[]MS[]null[]PB_WL[]general[]74406480_d27082_l192912_clickunder&pb=7cb13d3f9d3046d5bffca6ca03342b50&click_id=7633fd497d2870456da38e05b856bc32
Finishing URL
1xlite-446241.top/en/block
IP / ASN
178.253.14.230
#202492 Silverhill Group Holding Ltd
Title
1xBet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
radar.cedexis.com	3035	2009-01-07	2013-11-27	2025-06-05	850 B	1.4 kB	45.54.49.5
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2025-06-05	25 kB	4.5 MB	185.244.209.62
1xlite-446241.top	unknown	2024-07-12	2025-06-09	2025-06-09	50 kB	2.0 MB	178.253.14.230

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed
2025-06-11	medium	1xlite-446241.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (49)

	URL	From	Size	First Seen	Last Seen
	1xlite-446241.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js	ScriptElement	760 B	2025-05-21	2025-07-16
Pretty URL 1xlite-446241.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-21 09:35 Last Seen2025-07-16 08:23 Times Seen1115 Hash 0b911773e0df627d77f8306c86e228aa 0d584bb1a3294e4fe42df4582dcc8a2c8f77f7bb 01e4926540498a77d866259516007d41fae1213ab9607db826f011d926fd6006 Loading...

	1xlite-446241.top/en/block	Function	39 B	2023-04-14	2025-07-16
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 08:23 Times Seen6090 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	data:text/javascript,export const meta = import.meta;	ScriptElement	32 B	2023-12-06	2025-07-16
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-07-16 08:23 Times Seen3859 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	1xlite-446241.top/en/block	ScriptElement	1.7 kB	2025-06-10	2025-06-11
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-10 13:38 Last Seen2025-06-11 09:33 Times Seen9 Hash 8a53c52c9301702707029b1c5703d8f2 76f5ea491ddfb4280066aef494a5fcbfa057602b 0ff970b62fab8838fa15483c8a3f858eedf23142c607c679f8a7fdff96ab4b71 Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/Page.Block-7d7b08d1.js	ScriptElement	476 B	2025-06-03	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/Page.Block-7d7b08d1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 09:33 Times Seen102 Hash ef137b2bd396a5a981afc77591c7b612 c987135b577d4513484b7ac5ca3f6c8aab3c684b b3ddd11cd8bb86a1b2c85522660223090d290c97fa7e905febf345bb3d6a11c3 Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/app-d2bf747a.js	ScriptElement	507 kB	2025-06-10	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/app-d2bf747a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-10 13:38 Last Seen2025-06-11 09:33 Times Seen9 Hash 3c68f3118cc76c8016a522a42675b9ec 66e61e7b9d6427c59f294843dbd7bb2bfc5a86e1 692f1f3bfee008b9bfb0f57993cf262825186c666f0a4a22c3332b6aecfb1485 Loading...

	1xlite-446241.top/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js	ImportedModule	30 kB	2025-05-14	2025-07-16
Pretty URL 1xlite-446241.top/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-16 08:23 Times Seen1165 Hash 02cf95f00794b77df34632e34a59c5be b64889fb6cbe78a141688ea761a627997ef8a8af bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83 Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a42a2416f.js	ImportedModule	1.2 kB	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a42a2416f.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen104 Hash 7fea12865e9461b54b154073fabe2445 6d00cee95d843ce881376b8156669a13209386e4 d3df4a62bdbc16af865011d44db32f27c8d1de9e8d4a90319789083959e792f8 Loading...

	1xlite-446241.top/en/block	Function	34 B	2023-04-14	2025-07-16
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 08:23 Times Seen6097 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	radar.cedexis.com/1/23802/radar.js	ScriptElement	390 B	2024-02-13	2025-07-16
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23 Last Seen2025-07-16 08:23 Times Seen3096 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.v-tooltip-4e620d39.js	ScriptElement	77 kB	2025-06-03	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.v-tooltip-4e620d39.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 09:33 Times Seen104 Hash a5fdbd399fae9d438faf33dc74a667bc c28bc9c7551e7c531ee37e189a0b94de59791481 aa1a21bf0fa073b5635353fdadd95f784c511905e9ebb36288673b2fae789e2f Loading...

	1xlite-446241.top/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js	ImportedModule	865 B	2025-05-14	2025-07-16
Pretty URL 1xlite-446241.top/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-16 08:23 Times Seen1165 Hash 0af3fe0c072a5bb3b6c731767187982f 55db5afb57265dc92fd121fe9ae565ffb2f53b2c 655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30 Loading...

	1xlite-446241.top/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js	ImportedModule	1.2 kB	2025-05-14	2025-07-16
Pretty URL 1xlite-446241.top/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-16 08:23 Times Seen1165 Hash 7e76c08e7f16815131a5f13a10c1efba 5f800877b78a0713157fe119bc1a2d9a260f72e1 c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc Loading...

	1xlite-446241.top/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js	ImportedModule	159 kB	2025-05-14	2025-07-16
Pretty URL 1xlite-446241.top/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-16 08:23 Times Seen1165 Hash 1da464d70e78b04b9b808e82e4ad9487 0c79e65516d1525ecb43d13cfb4ccb0631095a28 b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595 Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/78215d6bcc.js	ImportedModule	2.0 kB	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/78215d6bcc.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen103 Hash b593428c893df62602de33b295628c35 8cedd8f2c28059581ef0624713a8e04dc9d52953 f1f1f2010dde1a27691901a16dc535d10c24c2b633393c4e1d3c173af117e152 Loading...

	1xlite-446241.top/hd-api/external/assets/hdf.js	ScriptElement	4.1 kB	2025-06-05	2025-07-16
Pretty URL 1xlite-446241.top/hd-api/external/assets/hdf.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-05 12:46 Last Seen2025-07-16 08:23 Times Seen909 Hash 40eaa62ed21bd753172f4c307e2a41d0 f7b03c6b004562311c8ca00466179629738b2a40 60fed8cb321dc09e4e1d910b5822bd8f67d53d0962a41ddc9f5ac33edd4e2213 Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/runtime-c8f2b1d0.js	ScriptElement	19 kB	2025-06-10	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/runtime-c8f2b1d0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-10 13:38 Last Seen2025-06-11 09:33 Times Seen9 Hash 079c6abd2b1d392d87b4b97da9581307 36d0d2c97b4807e10f634699f3625e48d1d400db af602b71afa6251f7533b796cc560e6c5cd6a040f6a6bb3910a1e006b6332eed Loading...

	1xlite-446241.top/en/block	Eval	2.6 kB	2025-05-29	2025-07-16
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by eval Embedded in HTML false Observations First Seen2025-05-29 01:53 Last Seen2025-07-16 08:23 Times Seen679 Hash 5236f6ffdc0b23f0b4a458e72ccc2e96 e312439a042f4c726d9566784a0783f5b66f86e9 ed52fb4838e482b45678a5ac8ab73644c4ea46d6a9ac659c20219094e1fdf5d3 Loading...

	1xlite-446241.top/sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js	ImportedModule	790 kB	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen129 Hash e071809984b55de161268aac251b558c c1f9162bef3284e66ac92178afc1c7b0f8e9e414 9d919131b467b216f6d01840ac25b1e65c6fc91a7167bab83b77d8dd587c2e9b Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5f12c0474a.js	ImportedModule	4.1 kB	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5f12c0474a.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen103 Hash 3a0238833de5836c5f71bfaddacf6f91 5ccf8b73bc35f925394099eb618e36c28e9d0c96 b0f7ce2ce233734ddb2fe574e4039f812e651a56f7f7eac361d6f04f92776f2f Loading...

	1xlite-446241.top/en/block	Eval	306 kB	2025-06-11	2025-06-11
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by eval Embedded in HTML false Observations First Seen2025-06-11 09:06 Last Seen2025-06-11 09:06 Times Seen1 Hash a1be686ea2dfe5b5ca2a5af3c815818e a00c0e71af0b1bc991ac8c9d51eda25bd05c8ce4 e0f100e2ac839b7cdaf1b9ebf9066eb6259b957f08557e5f351165f35fee6957 Loading...

	1xlite-446241.top/en/block	Function	47 B	2023-04-14	2025-07-16
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 08:23 Times Seen6084 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	1xlite-446241.top/en/block	ScriptElement	6.4 kB	2025-06-11	2025-06-11
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-11 09:06 Last Seen2025-06-11 09:06 Times Seen1 Hash b4d761aad1a6bb6a1c3e3b4182fce6f5 7e8479afbc0804e3275597db5613b51b858d5b13 e1b0a6ab614a2820a7238c7b9acd63685aa002479635b5a946cdcab6eed66aee Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/commons/app-de65e2e6.js	ScriptElement	138 kB	2025-06-06	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/commons/app-de65e2e6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-06 13:00 Last Seen2025-06-11 09:33 Times Seen63 Hash afd5d0be70624323a2252df15455fcef d577d2f88e8e66ca29df483dc3a67aef5003b791 022ed5e639258e5b7dcf1dc5bd99aa757f9110aee6726fa9063f66ff63bfbde1 Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/2b97aa7ece.js	ImportedModule	864 B	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/2b97aa7ece.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen103 Hash 731c91a48eab2d0cf70dbace67e93976 35fe67c7f270405735c3002fdfa147494e93d786 3f76e3dfd863a6201a43412c9865773a516e71e0b9c1270161bb87a295e08946 Loading...

	1xlite-446241.top/en/block	Function	295 kB	2025-06-11	2025-06-11
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by Function Embedded in HTML false Observations First Seen2025-06-11 09:06 Last Seen2025-06-11 09:06 Times Seen1 Hash 272de3fe7f745686d31d2b2d593ab224 8162056bf8f61ee9f933578550b80e2f1ccc8355 1a0e3112f75de07031b011a9f184f9679be3fb22653c5b67739adf54cdbccdcd Loading...

	1xlite-446241.top/en/block	Function	47 B	2023-04-14	2025-07-16
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 08:23 Times Seen6085 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	1xlite-446241.top/en/block	DomTimer	10 B	2024-09-21	2025-07-16
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by domTimer Embedded in HTML false Observations First Seen2024-09-21 15:04 Last Seen2025-07-16 08:23 Times Seen1896 Hash 01f4b51b4ba7edd00ad9f0a22259f06e 00723d0eda4be61a7b1c542b0a08a94a94a60017 9fdac1c31a22f55dbb8ca225ee28c3f7e88b41cce82968af0018c9f8b3bd35ba Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.vue-notification-5a6887aa.js	ScriptElement	13 kB	2025-06-03	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.vue-notification-5a6887aa.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 09:33 Times Seen104 Hash 3a3c9476afd1bb77e959d5a9ba8fef46 fb3ec1b031b794f59ab22551474ae323c0ed1c45 99d6d17a0b928da90325d2e4e0b24476d14ac6aa1ea5e742851ac742ddc6e98b Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/DC-a2e556af.js	ScriptElement	2.7 kB	2025-06-03	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/DC-a2e556af.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 09:33 Times Seen104 Hash 3df86389f1c4b065ad62accc502a9480 889cf2a121590160554296995b785aff89aabe04 532fffbd9cb8d3b26148e8180c5809b85d8d46c830fb3dbe0d7c09dda1f89de0 Loading...

	1xlite-446241.top/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js	ImportedModule	1.3 kB	2025-05-14	2025-07-16
Pretty URL 1xlite-446241.top/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-16 08:23 Times Seen1165 Hash e3f1c4089db6b910890e85d97a2e2066 85828920da3c3fd7856acde184e835ac314295cd 6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614 Loading...

	1xlite-446241.top/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js	ImportedModule	21 kB	2025-05-14	2025-07-16
Pretty URL 1xlite-446241.top/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-16 08:23 Times Seen1165 Hash 3cf0cae38afae9add22f7884e5061231 2a41037501375a439385a76a047876619683418f 322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/63937a8066.js	ScriptElement	1.2 kB	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/63937a8066.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen103 Hash e8c6a2f12cea1a1f02c689bc4c87e52a 2be2df37092e2114931a8bee4640a4c5617697fb f960e91791da697c0877887e3efdd7076b0e09fe1ced131bb140315da0576eb2 Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/Betting.Core-72c8ffce.js	ScriptElement	2.3 kB	2025-06-10	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/Betting.Core-72c8ffce.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-10 13:38 Last Seen2025-06-11 09:33 Times Seen9 Hash 64aa1b6035f304f0da085e0ffb18a917 c840048ef72e7efee2af0a93e9a590393dbb65ad b4b596630a84de3a4f971b185b6c3a0ff734960c69bb325f6454692be846824c Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-2be23b5382.js	ScriptElement	21 kB	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-2be23b5382.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen103 Hash e98587d7f0e87ddb1c14109e11bcaf6c 73614df1bfaace32f60e177269be8aa2e66cc5f2 eb2e63442142d4911f42925b84270df0223ec8fe25a9c33007c5a43914822c22 Loading...

	1xlite-446241.top/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js	ImportedModule	19 kB	2025-05-14	2025-07-16
Pretty URL 1xlite-446241.top/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-16 08:23 Times Seen1165 Hash 1580a3cfe81fd30910a49dfe64cc8e7b 314144dc49595482ba46c0b85b38d5f73ef73a7b 8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035 Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js	ScriptElement	3.9 kB	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen103 Hash 07ea703063c4d5ee76b1b1b5845e6905 7794892b3fc0b6d4051dfaeddcb9c15a87af762d 2c6497b477fb18d8d4d9bfa94743d235f4c8b3f0f46af415137b530e5caa8b9f Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7f1d6bae6f.js	ImportedModule	2.4 kB	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7f1d6bae6f.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen103 Hash aeef5d0d5b0b15e2e1b54290e62a2932 306303db1c775a5747b2d4484824f95755c0f98a dde563c7756b01db74f2fb9da8160faae9e9c6f8a50c97b56216827785fdacb4 Loading...

	1xlite-446241.top/en/block	Function	87 kB	2025-06-11	2025-06-11
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by Function Embedded in HTML false Observations First Seen2025-06-11 06:52 Last Seen2025-06-11 13:38 Times Seen5 Hash 5b31414c761883935db0785131266122 9464e4c727ac56894a1c0a1c0c42ca1f71420806 ca23771cffb159b5ff8529e047ad98bd8db7d4ffe4ac5ec2a50c6d29dae75a76 Loading...

	1xlite-446241.top/en/block	Function	44 B	2023-04-14	2025-07-16
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 08:23 Times Seen6087 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	1xlite-446241.top/main-static/08375d4a/check-ob.js	ScriptElement	219 B	2024-07-17	2025-07-16
Pretty URL 1xlite-446241.top/main-static/08375d4a/check-ob.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-17 14:33 Last Seen2025-07-16 08:23 Times Seen2285 Hash c065700c9c8c493403359e1f2baa10d9 4630fe729e70bdf63fa7ba6c84ec277fd1f51030 1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4 Loading...

	1xlite-446241.top/en/block	Function	96 B	2023-12-06	2025-07-16
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-07-16 08:23 Times Seen3859 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	1xlite-446241.top/en/block	ScriptElement	194 kB	2025-06-11	2025-06-11
Pretty URL 1xlite-446241.top/en/block IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-11 09:06 Last Seen2025-06-11 09:06 Times Seen1 Hash 98edb1ec6471fbc4149e88755c6e93b8 9bd2e8b41c6661273dc80d2490ca65cced255773 88d268cedccd0c863d41b193e80c586811891d62b7014cd71a176d5ff8675f77 Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/app-ec574fc5.js	ScriptElement	1.4 MB	2025-06-10	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/app-ec574fc5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-10 13:38 Last Seen2025-06-11 09:33 Times Seen9 Hash 81ca0efcd77c8894cf1d3075673e116e 17bab2e235cd692564de7b0c443fbad1e49fd3dc e29378ec7429032e963451e04c1229968492f19c17fa26dccfe6e5eea23a1d1a Loading...

	v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.vue-js-modal-bb69fbba.js	ScriptElement	27 kB	2025-06-03	2025-06-11
Pretty URL v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.vue-js-modal-bb69fbba.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 09:33 Times Seen104 Hash 95c7e2ba03a2cb96ea5c6fd758291944 59e50efaae4e75111f0515342f551040a643ff0e a9afd30210e183815589556664dc2409819fbb51a111683f873b866704bd9bbd Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e40b28763d.js	ImportedModule	147 B	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e40b28763d.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen103 Hash c653d4292db9f892bf6f72223a3fb9ef 68e00b62bc5c58ada6c1a72ef919f7b3bc5f344c b044f0472001a85ae50c1ea8c56c72d9b299e96b290da0bfaeb7fb0b986dbe6f Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js	ImportedModule	69 B	2025-05-14	2025-07-16
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-14 05:06 Last Seen2025-07-16 08:23 Times Seen1081 Hash 2cdaa92927f02e0b628f1ef4d7dd8caf 9104a2e16ed080b80a42588b8aeb52ebec47ab7a ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db Loading...

	1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/43320226e0.js	ImportedModule	27 kB	2025-06-03	2025-06-11
Pretty URL 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/43320226e0.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-03 13:39 Last Seen2025-06-11 10:18 Times Seen103 Hash 94550587990c4e510f7a62601f68f227 ae3328a0fb2f627fbf8ef401e972fd547abb2cec b9beac1e38d6b752c90112594751e7a2587ed521a62576635edb2b33d6074ca4 Loading...

	1xlite-446241.top/captcha-api/assets/hunt-captcha.js	ScriptElement	89 kB	2025-06-11	2025-06-11
Pretty URL 1xlite-446241.top/captcha-api/assets/hunt-captcha.js IP 178.253.14.230 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-11 06:52 Last Seen2025-06-11 13:38 Times Seen5 Hash 9b3c6347a108d4a51e92ef6447770aa6 40e580d5617417e1f4acfe748dc674a7ac07a5d5 c3fdfd1cba177dcf91ac57ced0966caf6ea030f39194c1063e56e60149a3c52f Loading...

HTTP Transactions (91)

URL IP Response Size

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/3235fa3ecbc01182d696aaea74f8db10.json

185.244.209.62

200 OK

13 kB

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/3235fa3ecbc01182d696aaea74f8db10.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
13 kB (13444 bytes)
Hash
0c06a2ce7b44d920632095b7968f05e7
ad620299a407c218f382d66ccc64eb95cb1f26f2
248dc3677e4de59d802fda413a105a962cb897f8e691e85ec68fadd7af37d3d9

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/3235fa3ecbc01182d696aaea74f8db10.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
traceparent: 00-1d6c70f6dd21dba28c7f23ee03857ef9-27e09b64f153a0c4-01
last-modified: Mon, 09 Jun 2025 12:49:29 GMT
etag: W/"0c06a2ce7b44d920632095b7968f05e7"
content-encoding: gzip
expires: Wed, 11 Jun 2025 10:06:30 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js

178.253.14.230

200 OK

69 B

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
ASCII text, with no line terminators
Size
69 B (69 bytes)
Hash
2cdaa92927f02e0b628f1ef4d7dd8caf
9104a2e16ed080b80a42588b8aeb52ebec47ab7a
ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-2be23b5382.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
content-length: 69
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: "2cdaa92927f02e0b628f1ef4d7dd8caf"
x-amz-meta-mtime: 1748957395.660590956
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js

178.253.14.230

200 OK

1.2 kB

URL GET
1xlite-446241.top/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (1193)
Size
1.2 kB (1194 bytes)
Hash
7e76c08e7f16815131a5f13a10c1efba
5f800877b78a0713157fe119bc1a2d9a260f72e1
c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_7HDOEZTP.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 11 Jun 2025 06:52:01 GMT
etag: W/"7e76c08e7f16815131a5f13a10c1efba"
x-amz-meta-mtime: 1749624566.687284035
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js

178.253.14.230

200 OK

1.3 kB

URL GET
1xlite-446241.top/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (1265)
Size
1.3 kB (1297 bytes)
Hash
e3f1c4089db6b910890e85d97a2e2066
85828920da3c3fd7856acde184e835ac314295cd
6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 11 Jun 2025 06:52:01 GMT
etag: W/"e3f1c4089db6b910890e85d97a2e2066"
x-amz-meta-mtime: 1749624566.687284035
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7f1d6bae6f.js

178.253.14.230

200 OK

2.4 kB

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7f1d6bae6f.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (2401)
Size
2.4 kB (2402 bytes)
Hash
aeef5d0d5b0b15e2e1b54290e62a2932
306303db1c775a5747b2d4484824f95755c0f98a
dde563c7756b01db74f2fb9da8160faae9e9c6f8a50c97b56216827785fdacb4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7f1d6bae6f.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"aeef5d0d5b0b15e2e1b54290e62a2932"
x-amz-meta-mtime: 1748957395.665591441
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css

185.244.209.62

200 OK

650 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (649)
Size
650 B (650 bytes)
Hash
5d70ac7829c3ae41ce5c0971c798fbcf
9996ce3a09f56d3e37d67fbe7e1efb301ea2f261
0e76b1cd191bd618caea37cb7fb6673d12c7cdff7ea47e939758eda5764a140b

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: text/css; charset=utf-8
content-length: 650
traceparent: 00-c839eca5384dd395881a6be65a4b53db-cfadbf69f729a63a-01
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: "5d70ac7829c3ae41ce5c0971c798fbcf"
x-amz-meta-mtime: 1748957395.664591344
expires: Thu, 05 Jun 2025 08:52:08 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85983
cache: HIT
x-cached-since: 2025-06-10T09:13:26+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/8c9565bcb3d75b5e56cf36e61ca88fc7.json

185.244.209.62

200 OK

465 B

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/8c9565bcb3d75b5e56cf36e61ca88fc7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
465 B (465 bytes)
Hash
c18f57f4aff3cdc9ac4e9b71b54a5810
11e0ec9094d11ec4bfe5ef61cd09aa827df836d4
4844ea1e167daceb7a53a3b70c83d4389c19d42d0c1af060daf3a91ee7dbe64a

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/8c9565bcb3d75b5e56cf36e61ca88fc7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
content-length: 465
traceparent: 00-1ad9021a52e8b1dfdb9396335179bca0-3e3626044e51f795-01
last-modified: Mon, 01 Jul 2024 11:34:34 GMT
etag: "c18f57f4aff3cdc9ac4e9b71b54a5810"
expires: Thu, 05 Jun 2025 08:40:15 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/e9aaf54249712e7e79892e2754c64bd7.json

185.244.209.62

200 OK

3.6 kB

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/e9aaf54249712e7e79892e2754c64bd7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
3.6 kB (3557 bytes)
Hash
4b08975411699bcd7464f49777e866bf
2a9b0a0f3eadf5f3e1ef688bacd9560dd59c73d2
b6208d18413f8988db2e0040ff72516c0cb5e06d3d9692b5b098808ab46fc378

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/e9aaf54249712e7e79892e2754c64bd7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
traceparent: 00-0f54a4c875d9df80234e2d3098887ed2-ee563e6b9e28c08f-01
last-modified: Thu, 27 Feb 2025 09:07:33 GMT
etag: W/"4b08975411699bcd7464f49777e866bf"
content-encoding: gzip
expires: Thu, 05 Jun 2025 08:40:15 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.v-tooltip-4e620d39.js

185.244.209.62

200 OK

77 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.v-tooltip-4e620d39.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
77 kB (76622 bytes)
Hash
a5fdbd399fae9d438faf33dc74a667bc
c28bc9c7551e7c531ee37e189a0b94de59791481
aa1a21bf0fa073b5635353fdadd95f784c511905e9ebb36288673b2fae789e2f

HTTP Headers

GET /main-static/08375d4a/desktop/default/vendors/plugins.v-tooltip-4e620d39.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-3d7dd4802f3122856eadcc5a8f807e7d-584239038952d5c2-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"a5fdbd399fae9d438faf33dc74a667bc"
x-amz-meta-mtime: 1749548388.298267315
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:19 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83406
cache: HIT
x-cached-since: 2025-06-10T09:56:24+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/css/d8126a35.css

185.244.209.62

200 OK

60 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/css/d8126a35.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (59621), with no line terminators
Size
60 kB (59621 bytes)
Hash
445b613da1bb58a172d32cbfb66316b7
78dde96ed8e16f5d20253ced07de3cadb4ce5f6f
0244ef09748c4a15ddeebf95cfb08ca5db5a7cf3fcfd6f0dbbd91b34a1ffb289

HTTP Headers

GET /main-static/08375d4a/desktop/default/css/d8126a35.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: text/css; charset=utf-8
traceparent: 00-2835fd0dc0c6198414b5276b955d5ccc-a72fa0ece3fc4180-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"445b613da1bb58a172d32cbfb66316b7"
x-amz-meta-mtime: 1749548388.29026724
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:18 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83406
cache: HIT
x-cached-since: 2025-06-10T09:56:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/version.json

185.244.209.62

200 OK

11 B

URL GET
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text
Size
11 B (11 bytes)
Hash
52c05d27134e844294cd34dbb9d03d88
6e8ebdeaab62479a269501a53c46352d43479682
6f4e51643801e25e4bd89351273c3bd5fd747ca85cf312a11627131f8e100e37

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: application/json
content-length: 11
traceparent: 00-5eefc2bc96901d50bdc6017678781e32-6b7522d451460e81-01
last-modified: Wed, 11 Jun 2025 08:07:34 GMT
etag: "52c05d27134e844294cd34dbb9d03d88"
x-amz-meta-mtime: 1749629254.737716414
expires: Wed, 11 Jun 2025 08:09:34 GMT
cache-control: max-age=60
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 13
cache: HIT
x-cached-since: 2025-06-11T09:06:16+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css

185.244.209.62

200 OK

46 B

URL GET
v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
29b5cda95fa390c124de39b6aeca6d24
46f68f69533c1fdc737eb36e8e7af7672178e610
6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88

HTTP Headers

GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/css
content-length: 46
traceparent: 00-a5b9ee713acff034e786a6efe28030fa-b80a1576ab53150e-01
last-modified: Thu, 20 Mar 2025 13:29:31 GMT
etag: "29b5cda95fa390c124de39b6aeca6d24"
cache-control: max-age=3600
expires: Thu, 20 Mar 2025 14:32:37 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3108
cache: HIT
x-cached-since: 2025-06-11T08:14:42+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_5095aa3502de5d23a304096fded0ec7c.json

185.244.209.62

200 OK

3.8 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_5095aa3502de5d23a304096fded0ec7c.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
3.8 kB (3778 bytes)
Hash
760aef6021a23b9b00d12d79b667c249
f9020e25d1de99e79badce8270abb9cfb56f863a
19f38f82ab75a3cecf3a85dc8f19f0bf52594d1252d8a3b0f2ebee667598a0fa

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_5095aa3502de5d23a304096fded0ec7c.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json; charset=utf-8
traceparent: 00-20ce7f7712f4aab8a1decdd60d5c8c06-d59d052a29388b74-01
last-modified: Wed, 11 Jun 2025 08:06:50 GMT
etag: W/"760aef6021a23b9b00d12d79b667c249"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:40:11 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1553
cache: HIT
x-cached-since: 2025-06-11T08:40:37+00:00
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js

178.253.14.230

200 OK

30 kB

URL GET
1xlite-446241.top/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (30255)
Size
30 kB (30277 bytes)
Hash
02cf95f00794b77df34632e34a59c5be
b64889fb6cbe78a141688ea761a627997ef8a8af
bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_FJKG5M2E.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 11 Jun 2025 06:52:01 GMT
etag: W/"02cf95f00794b77df34632e34a59c5be"
x-amz-meta-mtime: 1749624566.687284035
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/5ad56e0309d98c226f7c6f53c8988481.json

185.244.209.62

200 OK

1.4 kB

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/5ad56e0309d98c226f7c6f53c8988481.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.4 kB (1381 bytes)
Hash
60800fc6a93e48491d94e7d6447b1709
632786af7227839842c02819d3d6340d13cc6125
62e20d1db7acda670afe7035a169bb1d4ba4adfac1251ad8a666edc7e14a5f8f

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/5ad56e0309d98c226f7c6f53c8988481.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
traceparent: 00-17c78d7f79894df88abd0e972dffd588-157a6e46dba46bbd-01
last-modified: Thu, 15 May 2025 13:56:17 GMT
etag: W/"60800fc6a93e48491d94e7d6447b1709"
content-encoding: gzip
expires: Thu, 05 Jun 2025 08:40:15 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/1c88a5dff952a7ff7729f92263f647d8.json

185.244.209.62

200 OK

241 B

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/1c88a5dff952a7ff7729f92263f647d8.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
241 B (241 bytes)
Hash
39257fbb62736206d5245e08925d7b60
4c11e3cb6a16b884772b88acdba30a2ad98e86b8
3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/1c88a5dff952a7ff7729f92263f647d8.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
content-length: 241
traceparent: 00-047335bfd3f1c69055e71bf8484689fd-4b6a2aebd7fd764f-01
last-modified: Thu, 27 Feb 2025 13:25:46 GMT
etag: "39257fbb62736206d5245e08925d7b60"
expires: Wed, 11 Jun 2025 10:06:31 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-446241.top/en?tag=d_131637m_14249c_[]MS[]null[]PB_WL[]general[]74406480_d27082_l192912_clickunder&pb=7cb13d3f9d3046d5bffca6ca03342b50&click_id=7633fd497d2870456da38e05b856bc32

178.253.14.230

302 Found

262 kB

URL User Request GET
1xlite-446241.top/en?tag=d_131637m_14249c_[]MS[]null[]PB_WL[]general[]74406480_d27082_l192912_clickunder&pb=7cb13d3f9d3046d5bffca6ca03342b50&click_id=7633fd497d2870456da38e05b856bc32
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type

Size
262 kB (261953 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en?tag=d_131637m_14249c_[]MS[]null[]PB_WL[]general[]74406480_d27082_l192912_clickunder&pb=7cb13d3f9d3046d5bffca6ca03342b50&click_id=7633fd497d2870456da38e05b856bc32 HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
location: https://1xlite-446241.top/en/block
server-timing: dt_total;dur=0.011, total;dur=160;desc="Nuxt Server Time", wf-uht;dur=0.172
set-cookie: platform_type=desktop; Path=/; Expires=Sat, 14 Jun 2025 09:06:29 GMT; Secure; SameSite=None; Partitioned
gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Sun, 10 Aug 2025 09:06:29 GMT
reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; Path=/; Expires=Wed, 11 Jun 2025 10:06:29 GMT
postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; Path=/; Expires=Fri, 11 Jul 2025 09:06:29 GMT
auid=sv0O5mhJRxWDDy9wAwVuAg==; path=/; secure; httponly; samesite=lax
x-dt: 1258
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET 1xlite-446241.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js

178.253.14.230

200 OK

760 B

URL GET
1xlite-446241.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (759)
Size
760 B (760 bytes)
Hash
0b911773e0df627d77f8306c86e228aa
0d584bb1a3294e4fe42df4582dcc8a2c8f77f7bb
01e4926540498a77d866259516007d41fae1213ab9607db826f011d926fd6006

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c; SESSION=f6e20d1b7364313a95820fd0bd337cfe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:39 GMT
content-type: text/javascript; charset=utf-8
content-length: 492
accept-ranges: bytes
cache-control: public, max-age=300
content-encoding: gzip
etag: 0b911773e0df627d77f8306c86e228aa
vary: Accept-Encoding
x-dt: 1258
x-request-guid: e6ccd78b7e3e6be3344f6ca03055537d
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.006, wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-07a2cd26be30f553adb88919352e5b87-82a84f4069d99873-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1418
cache: HIT
x-cached-since: 2025-06-11T08:42:52+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js

178.253.14.230

200 OK

19 kB

URL GET
1xlite-446241.top/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (19034)
Size
19 kB (19175 bytes)
Hash
1580a3cfe81fd30910a49dfe64cc8e7b
314144dc49595482ba46c0b85b38d5f73ef73a7b
8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 11 Jun 2025 06:52:01 GMT
etag: W/"1580a3cfe81fd30910a49dfe64cc8e7b"
x-amz-meta-mtime: 1749624566.703284098
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js

178.253.14.230

200 OK

21 kB

URL GET
1xlite-446241.top/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (21232)
Size
21 kB (21252 bytes)
Hash
3cf0cae38afae9add22f7884e5061231
2a41037501375a439385a76a047876619683418f
322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 11 Jun 2025 06:52:01 GMT
etag: W/"3cf0cae38afae9add22f7884e5061231"
x-amz-meta-mtime: 1749624566.687284035
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

GET 1xlite-446241.top/bff-api/config/group/get?groups=d.technical&lang=en

178.253.14.230

200 OK

730 B

URL GET
1xlite-446241.top/bff-api/config/group/get?groups=d.technical&lang=en
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
730 B (730 bytes)
Hash
dcff1c0930ae924e669223c942f1bb8f
5c9d445bcbba4ed1cda92f9e6dcf3c82bf2a10fa
e6524af063e87f37a0f9e0bd60f13336db66f6791295f6a16b3bf2e92eb606cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/group/get?groups=d.technical&lang=en HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-svc-source: __TECHNICAL_PAGES_APP__
x-app-n: __TECHNICAL_PAGES_APP__
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1920; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
content-length: 730
cache-control: no-cache, private
server-timing: dt_total;dur=0.006, bff;dur=38.21, wf-uht;dur=0.050
x-dt: 1258
x-pod: R-k4gds
x-time-ng: 0.041
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

POST 1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.14.230

200 OK

23 B

URL POST
1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
22778239982e64ebbdadc267e704aed8
695e955e321f1a06e86b14157209dbb233f316df
ab0fa70cff50a56f96bab0bb59df3e3eec353baea412f91aa34b48b571d34266

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: e4622f90-2eab-404a-9a2b-c9e06b55e789
Content-Length: 72
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
content-length: 23
x-dt: 1258
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.005, wf-uht;dur=0.008
X-Firefox-Spdy: h2

POST 1xlite-446241.top/hd-api/external/verify

178.253.14.230

200 OK

715 B

URL POST
1xlite-446241.top/hd-api/external/verify
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
715 B (715 bytes)
Hash
9ac8ce888cddfddf4701db3ddf56198f
463b42abeabc1eb51a60cd6ff432b64aa2ea9c43
a8924cadf96e87593734a319befa59e5cd3bf4f57b0c1259db6f79e08a5172c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/verify HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
Content-Type: text/plain;charset=UTF-8
Content-Length: 108805
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c; SESSION=f6e20d1b7364313a95820fd0bd337cfe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:41 GMT
content-type: application/json
content-length: 587
content-encoding: gzip
vary: Accept-Encoding
x-dt: 1258
x-request-guid: bc740c010410e29009962353bf3a645c
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.006, wf-uht;dur=0.045
X-Firefox-Spdy: h2

GET 1xlite-446241.top/main-static/08375d4a/check-ob.js

178.253.14.230

200 OK

219 B

URL GET
1xlite-446241.top/main-static/08375d4a/check-ob.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text
Size
219 B (219 bytes)
Hash
c065700c9c8c493403359e1f2baa10d9
4630fe729e70bdf63fa7ba6c84ec277fd1f51030
1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main-static/08375d4a/check-ob.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: text/javascript; charset=utf-8
content-length: 219
last-modified: Tue, 10 Jun 2025 09:42:29 GMT
etag: "c065700c9c8c493403359e1f2baa10d9"
x-amz-meta-mtime: 1749548548.553932505
expires: Thu, 12 Jun 2025 09:06:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json

185.244.209.62

200 OK

765 B

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
765 B (765 bytes)
Hash
00f980f23f1b4c1ccee99ed49e0a8feb
4cb07094de9bffff1bf81d94446280b91013b660
bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json; charset=utf-8
content-length: 765
traceparent: 00-c6b7ed803d231b625547f6c7c1c5287e-4f4a9cde1adb05f1-01
last-modified: Wed, 11 Oct 2023 12:52:53 GMT
etag: "00f980f23f1b4c1ccee99ed49e0a8feb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:53:47 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3470
cache: HIT
x-cached-since: 2025-06-11T08:08:40+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/DC-a2e556af.js

185.244.209.62

200 OK

2.7 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/DC-a2e556af.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2653), with no line terminators
Size
2.7 kB (2653 bytes)
Hash
3df86389f1c4b065ad62accc502a9480
889cf2a121590160554296995b785aff89aabe04
532fffbd9cb8d3b26148e8180c5809b85d8d46c830fb3dbe0d7c09dda1f89de0

HTTP Headers

GET /main-static/08375d4a/desktop/default/DC-a2e556af.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-8a057f26b72f2eeee4e4bc1db72df0ea-eaf05528fda3c27d-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"3df86389f1c4b065ad62accc502a9480"
x-amz-meta-mtime: 1749548388.278267126
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:19 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83406
cache: HIT
x-cached-since: 2025-06-10T09:56:24+00:00
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a42a2416f.js

178.253.14.230

200 OK

1.2 kB

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a42a2416f.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (1165)
Size
1.2 kB (1166 bytes)
Hash
7fea12865e9461b54b154073fabe2445
6d00cee95d843ce881376b8156669a13209386e4
d3df4a62bdbc16af865011d44db32f27c8d1de9e8d4a90319789083959e792f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a42a2416f.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"7fea12865e9461b54b154073fabe2445"
x-amz-meta-mtime: 1748957395.665591441
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/2b97aa7ece.js

178.253.14.230

200 OK

864 B

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/2b97aa7ece.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (863)
Size
864 B (864 bytes)
Hash
731c91a48eab2d0cf70dbace67e93976
35fe67c7f270405735c3002fdfa147494e93d786
3f76e3dfd863a6201a43412c9865773a516e71e0b9c1270161bb87a295e08946

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/2b97aa7ece.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
content-length: 864
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: "731c91a48eab2d0cf70dbace67e93976"
x-amz-meta-mtime: 1748957395.671592023
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/css/7fe5f71b.css

185.244.209.62

200 OK

3.3 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/css/7fe5f71b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3313), with no line terminators
Size
3.3 kB (3313 bytes)
Hash
c610b8710368de3bf2f1c5bb581b6a3a
f67bc86785d434adb2e81a356a7926b8818ac567
fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba

HTTP Headers

GET /main-static/08375d4a/desktop/default/css/7fe5f71b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/css; charset=utf-8
traceparent: 00-f077f84e8e980d0010cbd01b7fffcdf3-881e01b74a6a040d-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"c610b8710368de3bf2f1c5bb581b6a3a"
x-amz-meta-mtime: 1749548388.286267201
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:19 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83406
cache: HIT
x-cached-since: 2025-06-10T09:56:24+00:00
X-Firefox-Spdy: h2

POST 1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json

178.253.14.230

200 OK

2 B

URL POST
1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: e4622f90-2eab-404a-9a2b-c9e06b55e789
Content-Length: 19
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
content-length: 2
x-dt: 1258
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.047, wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css

185.244.209.62

200 OK

40 kB

URL GET
v3.traincdn.com/genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (39742), with no line terminators
Size
40 kB (39742 bytes)
Hash
11fcf67d96d7d317c64c54b46d5ec44f
abf4e85e9e932ed64412f46ff590b39a87e26cb9
96ec24e0f388bf29d22bc262d0ed8aecf4582efa4d2031a06566442663f68658

HTTP Headers

GET /genfiles/site-admin/colors/11fcf67d96d7d317c64c54b46d5ec44f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/css
traceparent: 00-e196f604fb20f76cd851dbaaf162edd3-dd61501d7899eb3c-01
last-modified: Tue, 10 Jun 2025 13:59:35 GMT
etag: W/"11fcf67d96d7d317c64c54b46d5ec44f"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 10 Jun 2025 15:00:12 GMT
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3396
cache: HIT
x-cached-since: 2025-06-11T08:09:54+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/4590ed387c55d5b5854f8dff71e61190.json

185.244.209.62

200 OK

182 B

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/4590ed387c55d5b5854f8dff71e61190.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
182 B (182 bytes)
Hash
0a64a07e9a34e8a5b5e97e80a10888c5
82545cbc39b7dcc031dd10dea841a0b3698243d6
7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/4590ed387c55d5b5854f8dff71e61190.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
content-length: 182
traceparent: 00-5ac858a25533c9d7e82592dde1d4687f-2402835bad2959d2-01
last-modified: Thu, 27 Feb 2025 08:56:47 GMT
etag: "0a64a07e9a34e8a5b5e97e80a10888c5"
expires: Wed, 11 Jun 2025 10:06:30 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-446241.top/checker/redirect/stat/run/

178.253.14.230

200 OK

14 B

URL GET
1xlite-446241.top/checker/redirect/stat/run/
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js

178.253.14.230

200 OK

790 kB

URL GET
1xlite-446241.top/sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (22825)
Size
790 kB (790193 bytes)
Hash
e071809984b55de161268aac251b558c
c1f9162bef3284e66ac92178afc1c7b0f8e9e414
9d919131b467b216f6d01840ac25b1e65c6fc91a7167bab83b77d8dd587c2e9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-2be23b5382.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 11 Jun 2025 06:52:03 GMT
etag: W/"e071809984b55de161268aac251b558c"
x-amz-meta-mtime: 1749624566.679284003
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/63937a8066.js

178.253.14.230

200 OK

1.2 kB

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/63937a8066.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (833)
Size
1.2 kB (1206 bytes)
Hash
e8c6a2f12cea1a1f02c689bc4c87e52a
2be2df37092e2114931a8bee4640a4c5617697fb
f960e91791da697c0877887e3efdd7076b0e09fe1ced131bb140315da0576eb2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/63937a8066.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-2be23b5382.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"e8c6a2f12cea1a1f02c689bc4c87e52a"
x-amz-meta-mtime: 1748957395.671592023
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/1244ce60e9a4e015fc2b1c21b064b936.json

185.244.209.62

200 OK

13 kB

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/1244ce60e9a4e015fc2b1c21b064b936.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
13 kB (13278 bytes)
Hash
2b474bcc2f009b70e64e2b5a95dd50a4
1fd5ee2d54da7dfbf61e67efd938a89c548fc866
f86d880575f3f65ddaaf9e8a0e3746bbbefcefe7e6c0c4441e9e20ceffdca237

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/1244ce60e9a4e015fc2b1c21b064b936.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
traceparent: 00-1c6a0f0e2b78984244dd16f552eabb22-862877d0d1e72e22-01
last-modified: Wed, 12 Mar 2025 09:36:48 GMT
etag: W/"2b474bcc2f009b70e64e2b5a95dd50a4"
content-encoding: gzip
expires: Thu, 05 Jun 2025 08:40:15 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2

GET 1xlite-446241.top/en/block

178.253.14.230

203 Non Authoritative

262 kB

URL User Request GET
1xlite-446241.top/en/block
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
HTML document, ASCII text, with very long lines (53869)
Size
262 kB (261953 bytes)
Hash
0848e4ea8755d23b65239733a98ac8fe
adf5d254d4becf3bd745b2c378c0ad82c65072cc
3c49e15d7a8bf4398254066e1384545e5498e1a34549d10cbd800e0880554e50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/block HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 203 Non Authoritative
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: text/html; charset=utf-8
content-length: 261953
accept-ranges: none
server-timing: dt_total;dur=0.007, total;dur=104;desc="Nuxt Server Time"
set-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
x-dt: 1258
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_6142be.css

185.244.209.62

200 OK

4.2 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_6142be.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3743)
Size
4.2 kB (4166 bytes)
Hash
171e9a7475c71887ff37d52e24605a97
e48eb9f3fa6407ba31f405ed2320f18889e5f388
6142be1be0200ed42b10d14b9f5ffa06c4fcf9d2445d15c64d5bc16eb21a8fe5

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_css_6142be.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: text/css; charset=utf-8
traceparent: 00-5b338b4efc3746982492fb5267f165c5-63947f17162a3312-01
last-modified: Tue, 10 Jun 2025 10:10:27 GMT
etag: W/"171e9a7475c71887ff37d52e24605a97"
x-amz-meta-mtime: 1749549973.158904152
content-encoding: gzip
expires: Wed, 11 Jun 2025 10:56:03 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 79428
cache: HIT
x-cached-since: 2025-06-10T11:02:41+00:00
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e40b28763d.js

178.253.14.230

200 OK

147 B

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e40b28763d.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
Java source, ASCII text
Size
147 B (147 bytes)
Hash
c653d4292db9f892bf6f72223a3fb9ef
68e00b62bc5c58ada6c1a72ef919f7b3bc5f344c
b044f0472001a85ae50c1ea8c56c72d9b299e96b290da0bfaeb7fb0b986dbe6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e40b28763d.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
content-length: 147
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: "c653d4292db9f892bf6f72223a3fb9ef"
x-amz-meta-mtime: 1748957395.670591926
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-ui/3.3.243/Desktop/Default/merged.css

185.244.209.62

200 OK

1.0 MB

URL GET
v3.traincdn.com/sys-ui/3.3.243/Desktop/Default/merged.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
1.0 MB (1017057 bytes)
Hash
8522120fc691c1ac476b416ba4535f9d
1a666eae6aceab1f146fcbfcb9570048a62a32e6
ce2ee3ef9da2d722203f32c01e3049a8bcb8b20fbd791bbc50a72c5141540b29

HTTP Headers

GET /sys-ui/3.3.243/Desktop/Default/merged.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: text/css; charset=utf-8
traceparent: 00-be5812096ce5ee89757b41bf57afd366-c79a1e01ea174b0c-01
last-modified: Tue, 10 Jun 2025 10:05:55 GMT
etag: W/"8522120fc691c1ac476b416ba4535f9d"
x-amz-meta-mtime: 1749549915.195079206
content-encoding: gzip
expires: Wed, 11 Jun 2025 10:10:12 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 82198
cache: HIT
x-cached-since: 2025-06-10T10:16:31+00:00
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5f12c0474a.js

178.253.14.230

200 OK

4.1 kB

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5f12c0474a.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4047)
Size
4.1 kB (4050 bytes)
Hash
3a0238833de5836c5f71bfaddacf6f91
5ccf8b73bc35f925394099eb618e36c28e9d0c96
b0f7ce2ce233734ddb2fe574e4039f812e651a56f7f7eac361d6f04f92776f2f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5f12c0474a.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"3a0238833de5836c5f71bfaddacf6f91"
x-amz-meta-mtime: 1748957395.664591344
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

GET 1xlite-446241.top/web-api/session

178.253.14.230

204 No Content

0 B

URL GET
1xlite-446241.top/web-api/session
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Wed, 11 Jun 2025 09:06:39 GMT
cache-control: no-cache, private
server-timing: dt_total;dur=0.013, p;dur=21.268, wf-uht;dur=0.035
set-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
SESSION=f6e20d1b7364313a95820fd0bd337cfe; path=/; secure; httponly; samesite=lax
x-dt: 1258
x-time-ng: 0.023, 0.023
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET 1xlite-446241.top/hd-api/external/assets/hdf.js

178.253.14.230

200 OK

4.1 kB

URL GET
1xlite-446241.top/hd-api/external/assets/hdf.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
C++ source, ASCII text, with very long lines (874)
Size
4.1 kB (4083 bytes)
Hash
40eaa62ed21bd753172f4c307e2a41d0
f7b03c6b004562311c8ca00466179629738b2a40
60fed8cb321dc09e4e1d910b5822bd8f67d53d0962a41ddc9f5ac33edd4e2213

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/assets/hdf.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c; SESSION=f6e20d1b7364313a95820fd0bd337cfe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:39 GMT
content-type: text/javascript; charset=utf-8
content-length: 1620
accept-ranges: bytes
cache-control: public, max-age=300
content-encoding: gzip
etag: 40eaa62ed21bd753172f4c307e2a41d0
vary: Accept-Encoding
x-dt: 1258
x-request-guid: 1fe87ba7bf040087c4f53c963e6a51e3
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.012, wf-uht;dur=0.024
X-Firefox-Spdy: h2

POST 1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.14.230

200 OK

23 B

URL POST
1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
06fe0c52becf33981adc68b2133b4981
be0d61ddd55a1e8f31039671725682315d6b6fae
5f27fba5bddd93651a6036283a7767c600a0a93ee3e0d88f04d3b2ae0f4e01f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: e4622f90-2eab-404a-9a2b-c9e06b55e789
Content-Length: 109
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c; SESSION=f6e20d1b7364313a95820fd0bd337cfe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:42 GMT
content-type: application/json
content-length: 23
x-dt: 1258
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.007, wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/cec3125bacd27eb65f91e96df5e5f376.json

185.244.209.62

200 OK

22 kB

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/cec3125bacd27eb65f91e96df5e5f376.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
22 kB (21827 bytes)
Hash
ff5d81879a491bb1cfe091c5817a89b4
2a1d20f61eb8c513b270b8d123e3a9f66c89f808
538bffce9fa55e37a08e6b7f5148f8e7884c02a82b13e8426553061ff2475f90

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/cec3125bacd27eb65f91e96df5e5f376.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
traceparent: 00-6b15b273230481e36e5d935a3262f0dd-f940f8b5ff9390cc-01
last-modified: Tue, 20 May 2025 11:04:07 GMT
etag: W/"ff5d81879a491bb1cfe091c5817a89b4"
content-encoding: gzip
expires: Wed, 11 Jun 2025 10:06:30 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/commons/app-de65e2e6.js

185.244.209.62

200 OK

138 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/commons/app-de65e2e6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
138 kB (138079 bytes)
Hash
afd5d0be70624323a2252df15455fcef
d577d2f88e8e66ca29df483dc3a67aef5003b791
022ed5e639258e5b7dcf1dc5bd99aa757f9110aee6726fa9063f66ff63bfbde1

HTTP Headers

GET /main-static/08375d4a/desktop/default/commons/app-de65e2e6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-eb8df8e6185de74d79cf4bae1452f1f6-0c07c0347e224b46-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"afd5d0be70624323a2252df15455fcef"
x-amz-meta-mtime: 1749548388.286267201
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:18 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83407
cache: HIT
x-cached-since: 2025-06-10T09:56:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_c475e7b28b6b22307751b2c2c28273a7.json

185.244.209.62

200 OK

23 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_c475e7b28b6b22307751b2c2c28273a7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
23 kB (22559 bytes)
Hash
7889ae7db096d748d942dbf58bd893b6
e9fc563f031d510363a597702fd9c4ca070aa870
a5145ccfed8e62882a5e36ab1bacad3c6fd36f203bf8b37e0ec20298fe7df20c

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_c475e7b28b6b22307751b2c2c28273a7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json; charset=utf-8
traceparent: 00-33254c21d54e4402c0d056081f5f73dd-5c20d157efd2c909-01
last-modified: Tue, 03 Jun 2025 08:06:56 GMT
etag: W/"c08ec4640f6ba3d9b8a7363620465d67"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 03 Jun 2025 09:40:13 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2479
cache: HIT
x-cached-since: 2025-06-11T08:25:11+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/Betting.Core-72c8ffce.js

185.244.209.62

200 OK

2.3 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/Betting.Core-72c8ffce.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2254), with no line terminators
Size
2.3 kB (2254 bytes)
Hash
64aa1b6035f304f0da085e0ffb18a917
c840048ef72e7efee2af0a93e9a590393dbb65ad
b4b596630a84de3a4f971b185b6c3a0ff734960c69bb325f6454692be846824c

HTTP Headers

GET /main-static/08375d4a/desktop/default/Betting.Core-72c8ffce.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ac0609b1056ea4f771feed604fd0cb5c-fda206165abbf4f8-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"64aa1b6035f304f0da085e0ffb18a917"
x-amz-meta-mtime: 1749548388.278267126
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:19 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83406
cache: HIT
x-cached-since: 2025-06-10T09:56:24+00:00
X-Firefox-Spdy: h2

POST 1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.14.230

200 OK

23 B

URL POST
1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
f4ade086283e796d073586ddcf4478a7
9f83a9f3b8e39b9155d3bf160c8301628c11060c
dc247112ca916dc4483ea29a3a989524285048b6912ab648c9ac82745fc14d37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: e4622f90-2eab-404a-9a2b-c9e06b55e789
Content-Length: 89
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
content-length: 23
x-dt: 1258
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js

178.253.14.230

200 OK

3.9 kB

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (3873)
Size
3.9 kB (3874 bytes)
Hash
07ea703063c4d5ee76b1b1b5845e6905
7794892b3fc0b6d4051dfaeddcb9c15a87af762d
2c6497b477fb18d8d4d9bfa94743d235f4c8b3f0f46af415137b530e5caa8b9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/63937a8066.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"07ea703063c4d5ee76b1b1b5845e6905"
x-amz-meta-mtime: 1748957395.670591926
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-ui/2.3.202/Desktop/Default/client.css

185.244.209.62

200 OK

618 kB

URL GET
v3.traincdn.com/sys-ui/2.3.202/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
618 kB (618214 bytes)
Hash
2cb78afc66b2f65938190f7d0b3924d8
78501302abb19a58fed4269f293ab57dd16be46f
31e21c3fe3b343dd1ec7ed4893ea46d0b742723b7752377bae21c86deb6bb6df

HTTP Headers

GET /sys-ui/2.3.202/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: text/css; charset=utf-8
traceparent: 00-33389ff4d6c8d6e9a07ac27b5827b69a-5ede531481661004-01
last-modified: Tue, 13 May 2025 13:22:44 GMT
etag: W/"2cb78afc66b2f65938190f7d0b3924d8"
x-amz-meta-mtime: 1747142562.33508118
content-encoding: gzip
expires: Thu, 29 May 2025 09:04:38 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85902
cache: HIT
x-cached-since: 2025-06-10T09:14:47+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.vue-notification-5a6887aa.js

185.244.209.62

200 OK

13 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.vue-notification-5a6887aa.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12563), with no line terminators
Size
13 kB (12563 bytes)
Hash
3a3c9476afd1bb77e959d5a9ba8fef46
fb3ec1b031b794f59ab22551474ae323c0ed1c45
99d6d17a0b928da90325d2e4e0b24476d14ac6aa1ea5e742851ac742ddc6e98b

HTTP Headers

GET /main-static/08375d4a/desktop/default/vendors/plugins.vue-notification-5a6887aa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-164fa9a019d6edb712141e9fc282741c-39ec81ea7e963774-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"3a3c9476afd1bb77e959d5a9ba8fef46"
x-amz-meta-mtime: 1749548388.298267315
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:19 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83406
cache: HIT
x-cached-since: 2025-06-10T09:56:24+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_47bc8608ab4758047b494ebeff387ed3.json

185.244.209.62

200 OK

26 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_47bc8608ab4758047b494ebeff387ed3.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
26 kB (26355 bytes)
Hash
7c937264c5232090e71c2a5cf81d3290
595c6fb7fb341dbddd4bb486f38924c2af1fd839
23061860831e44d75d7c2048794fd8ef5645822b802d8bc80488f6d4086d74cf

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_47bc8608ab4758047b494ebeff387ed3.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json; charset=utf-8
traceparent: 00-3e4041f926e7720ee1d2a88ae2e6795f-626f83a570172c7e-01
last-modified: Tue, 10 Jun 2025 12:06:55 GMT
etag: W/"7c937264c5232090e71c2a5cf81d3290"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 10 Jun 2025 13:40:06 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1006
cache: HIT
x-cached-since: 2025-06-11T08:49:44+00:00
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js

178.253.14.230

200 OK

159 kB

URL GET
1xlite-446241.top/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
ASCII text, with very long lines (65509)
Size
159 kB (158815 bytes)
Hash
1da464d70e78b04b9b808e82e4ad9487
0c79e65516d1525ecb43d13cfb4ccb0631095a28
b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-2be23b5382.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 11 Jun 2025 06:52:01 GMT
etag: W/"1da464d70e78b04b9b808e82e4ad9487"
x-amz-meta-mtime: 1749624566.703284098
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/8c7a284a3d3af225cbabdbe8d4765503.json

185.244.209.62

200 OK

2.9 kB

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/8c7a284a3d3af225cbabdbe8d4765503.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
2.9 kB (2853 bytes)
Hash
f9867cd5bf362d5d518027321410c262
c8152b1f17123f07b027c8ab359062dc5f7c1456
baa9a4f415e8e8b95c2269ac32d20c6850852d9973e47937440e2761a6d8ee65

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/8c7a284a3d3af225cbabdbe8d4765503.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
traceparent: 00-06419e1534ddc90710886e5f57672104-a81af0f7f5a12106-01
last-modified: Thu, 05 Jun 2025 12:31:11 GMT
etag: W/"f9867cd5bf362d5d518027321410c262"
content-encoding: gzip
expires: Wed, 11 Jun 2025 10:06:31 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css

178.253.14.230

200 OK

11 kB

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
ASCII text, with very long lines (11072)
Size
11 kB (11073 bytes)
Hash
3d3e04f603cc58802ff96240abbdc3aa
e7e6a5d59c97236922354b40d288736f034a1ce3
611f7a963cd4aa278f1ba51f2401247df8c658929b76bfdce45bec08be83d7bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1920; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"3d3e04f603cc58802ff96240abbdc3aa"
x-amz-meta-mtime: 1748957395.671592023
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css

178.253.14.230

200 OK

650 B

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
ASCII text, with very long lines (649)
Size
650 B (650 bytes)
Hash
5d70ac7829c3ae41ce5c0971c798fbcf
9996ce3a09f56d3e37d67fbe7e1efb301ea2f261
0e76b1cd191bd618caea37cb7fb6673d12c7cdff7ea47e939758eda5764a140b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1920; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/css; charset=utf-8
content-length: 650
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: "5d70ac7829c3ae41ce5c0971c798fbcf"
x-amz-meta-mtime: 1748957395.664591344
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET 1xlite-446241.top/captcha-api/assets/hunt-captcha.js

178.253.14.230

200 OK

89 kB

URL GET
1xlite-446241.top/captcha-api/assets/hunt-captcha.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (88661 bytes)
Hash
9b3c6347a108d4a51e92ef6447770aa6
40e580d5617417e1f4acfe748dc674a7ac07a5d5
c3fdfd1cba177dcf91ac57ced0966caf6ea030f39194c1063e56e60149a3c52f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha-api/assets/hunt-captcha.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c; SESSION=f6e20d1b7364313a95820fd0bd337cfe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:39 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=300
content-encoding: br
vary: Accept-Encoding
x-dt: 1258
x-request-id: 78632ffefd907cb208574be8a2758105
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.004, wf-uht;dur=0.016
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png

185.244.209.62

200 OK

653 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: image/png
content-length: 653
traceparent: 00-fe6d812c1efd5f89fdb410d01e1955f4-8304a23e24236f6a-01
last-modified: Wed, 26 Jun 2024 08:18:02 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
expires: Thu, 16 Jan 2025 10:46:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1686
cache: HIT
x-cached-since: 2025-06-11T08:38:24+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

390 B

URL GET
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
FingerprintA2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
ValidityFri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type

Size
390 B (390 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 11 Jun 2025 09:06:41 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Wed, 11 Jun 2025 09:16:41 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

GET 1xlite-446241.top/hd-api/external/01975e3d-d1cb-7ddf-8c57-17039d07913d.js

178.253.14.230

200 OK

306 kB

URL GET
1xlite-446241.top/hd-api/external/01975e3d-d1cb-7ddf-8c57-17039d07913d.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
306 kB (306474 bytes)
Hash
a1be686ea2dfe5b5ca2a5af3c815818e
a00c0e71af0b1bc991ac8c9d51eda25bd05c8ce4
e0f100e2ac839b7cdaf1b9ebf9066eb6259b957f08557e5f351165f35fee6957

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/01975e3d-d1cb-7ddf-8c57-17039d07913d.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c; SESSION=f6e20d1b7364313a95820fd0bd337cfe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:39 GMT
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0, must-revalidate
content-encoding: gzip
vary: Accept-Encoding
x-dt: 1258
x-hd-trace-id: 75420ec0-2494-496d-ac75-3b1dd439c592
x-request-guid: 257de9190e97c749596aa1738c3c3419
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.007, wf-uht;dur=0.017
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/625e1f2832090ba0fc7373dedf6388bd.json

185.244.209.62

200 OK

328 B

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/625e1f2832090ba0fc7373dedf6388bd.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
328 B (328 bytes)
Hash
4347fc050ebe622e30a7bf78a213b5a0
c05b3b571980b01ff9f07e6adc1c29c58be70bd1
ed1b1193a248bf273141c31b7f74dd1224416b3757e5a71f2e7d579c50d65d57

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/625e1f2832090ba0fc7373dedf6388bd.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
content-length: 328
traceparent: 00-96bab77f4b627b3725d2e3ff85ddddbb-acc3dfa5fec1e6f0-01
last-modified: Thu, 27 Feb 2025 10:57:19 GMT
etag: "4347fc050ebe622e30a7bf78a213b5a0"
expires: Thu, 05 Jun 2025 08:40:15 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/78215d6bcc.js

178.253.14.230

200 OK

2.0 kB

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/78215d6bcc.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (1967)
Size
2.0 kB (1968 bytes)
Hash
b593428c893df62602de33b295628c35
8cedd8f2c28059581ef0624713a8e04dc9d52953
f1f1f2010dde1a27691901a16dc535d10c24c2b633393c4e1d3c173af117e152

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/78215d6bcc.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"b593428c893df62602de33b295628c35"
x-amz-meta-mtime: 1748957395.665591441
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/43320226e0.js

178.253.14.230

200 OK

27 kB

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/43320226e0.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (27023)
Size
27 kB (27024 bytes)
Hash
94550587990c4e510f7a62601f68f227
ae3328a0fb2f627fbf8ef401e972fd547abb2cec
b9beac1e38d6b752c90112594751e7a2587ed521a62576635edb2b33d6074ca4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/43320226e0.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/f27cd2497c.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"94550587990c4e510f7a62601f68f227"
x-amz-meta-mtime: 1748957395.661591053
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_8136bd411e2a7700cd1aa64d2fec2ff1.json

185.244.209.62

200 OK

9.5 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_8136bd411e2a7700cd1aa64d2fec2ff1.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
9.5 kB (9534 bytes)
Hash
0c85640aa5e93d25882db3f4853864b8
57f70eaf7bc7b79a0cdec503d7f0c05fcdb9fd1f
06431bb530c2b35c6b37cc7104b86a913b1ef6205ab0816e20250605bb0e07ff

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_8136bd411e2a7700cd1aa64d2fec2ff1.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json; charset=utf-8
traceparent: 00-a9795f944bde4fbbcd1f29b0a6b6a3db-20f10294ce5121ba-01
last-modified: Thu, 05 Jun 2025 08:06:41 GMT
etag: W/"0c85640aa5e93d25882db3f4853864b8"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 05 Jun 2025 09:40:12 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1222
cache: HIT
x-cached-since: 2025-06-11T08:46:08+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/0bfc54288673ecc355ae1cc451091289.json

185.244.209.62

200 OK

7.3 kB

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/0bfc54288673ecc355ae1cc451091289.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
7.3 kB (7321 bytes)
Hash
0614058b667e6dfa1cdecc6e0e53131c
4f20f88c436fb5cbd82cf1dcfeaa14e52195a369
be16474b0f19b7536ebdd3d0f8867b151eaa4638411ddb46845f887a5d51a653

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/0bfc54288673ecc355ae1cc451091289.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
traceparent: 00-b76e8666027cae5efee6165ea043c594-9b38ef7226ff9b58-01
last-modified: Thu, 23 Jan 2025 13:22:52 GMT
etag: W/"0614058b667e6dfa1cdecc6e0e53131c"
content-encoding: gzip
expires: Wed, 11 Jun 2025 10:06:30 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
X-Firefox-Spdy: h2

POST 1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.14.230

200 OK

23 B

URL POST
1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
08d50d403d6a5f6622aeee90b87c45f3
3af675fa35acff1d74b874eb4a3f36dea1e08721
7c34ce1d42ef408179b0a968de57194ba802cd044079c4bb0fb8483ae52ff797

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: e4622f90-2eab-404a-9a2b-c9e06b55e789
Content-Length: 48
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
content-length: 23
x-dt: 1258
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.007, wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js

178.253.14.230

200 OK

865 B

URL GET
1xlite-446241.top/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, ASCII text, with very long lines (840)
Size
865 B (865 bytes)
Hash
0af3fe0c072a5bb3b6c731767187982f
55db5afb57265dc92fd121fe9ae565ffb2f53b2c
655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/sys-static/shared-assets/Desktop/__shared_base-app_903e6da5a6.js
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: text/javascript; charset=utf-8
content-length: 865
last-modified: Wed, 11 Jun 2025 06:52:01 GMT
etag: "0af3fe0c072a5bb3b6c731767187982f"
x-amz-meta-mtime: 1749624566.703284098
expires: Thu, 12 Jun 2025 09:06:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json

185.244.209.62

200 OK

2.3 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
2.3 kB (2308 bytes)
Hash
7c12ae6fc08684f50822b3eb56779e29
036c726b8b7b2d24f987391101f3e8d1a2a183cf
a2eac45353675c82733192916712b8876c6b038b7bdbddc24df464e38b67cbfd

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json; charset=utf-8
traceparent: 00-80a21abe1cac181e36c3a585867ac3ba-291d46e392a9f59f-01
last-modified: Tue, 22 Apr 2025 08:06:29 GMT
etag: W/"7c12ae6fc08684f50822b3eb56779e29"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 22 Apr 2025 09:26:34 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2244
cache: HIT
x-cached-since: 2025-06-11T08:29:07+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json

185.244.209.62

200 OK

1.1 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.1 kB (1129 bytes)
Hash
a3810b04fc93c6b4f295ceb812f9f212
6cff2c69f8e43259380952d6c0df7ba563b7da8d
c1afcca19f61498f21aab6c0ca6b1992f5c8b4baf281dfa14b780ed780035c54

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json; charset=utf-8
traceparent: 00-ac89c0814678eebf62479383bcc8d124-d72f1d39c42b99a5-01
last-modified: Fri, 09 May 2025 16:06:27 GMT
etag: W/"a3810b04fc93c6b4f295ceb812f9f212"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 09 May 2025 17:11:01 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1165
cache: HIT
x-cached-since: 2025-06-11T08:47:05+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/css/684d7545.css

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/css/684d7545.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (14391), with no line terminators
Size
14 kB (14391 bytes)
Hash
a552d5db890b7f16e370b33cc587e807
a9dc47737b3e1d8ef6fcbb48c7c0b026c6fda545
0d7e00204297499711ae1da574d4635b31d8238ab4a663b382c44d850d24f3ec

HTTP Headers

GET /main-static/08375d4a/desktop/default/css/684d7545.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: text/css; charset=utf-8
traceparent: 00-d0f751a04adea37d0c2f352c16638dcd-81ca98047e4fc474-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"a552d5db890b7f16e370b33cc587e807"
x-amz-meta-mtime: 1749548388.286267201
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:18 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83407
cache: HIT
x-cached-since: 2025-06-10T09:56:22+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/Page.Block-7d7b08d1.js

185.244.209.62

200 OK

476 B

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/Page.Block-7d7b08d1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (476), with no line terminators
Size
476 B (476 bytes)
Hash
ef137b2bd396a5a981afc77591c7b612
c987135b577d4513484b7ac5ca3f6c8aab3c684b
b3ddd11cd8bb86a1b2c85522660223090d290c97fa7e905febf345bb3d6a11c3

HTTP Headers

GET /main-static/08375d4a/desktop/default/Page.Block-7d7b08d1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
content-length: 476
traceparent: 00-02332d5261457ec2a190b7a00e597647-d9ba7a337b009c6c-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: "ef137b2bd396a5a981afc77591c7b612"
x-amz-meta-mtime: 1749548388.278267126
expires: Wed, 11 Jun 2025 09:55:42 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83407
cache: HIT
x-cached-since: 2025-06-10T09:56:23+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/app-ec574fc5.js

185.244.209.62

200 OK

1.4 MB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/app-ec574fc5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (63906)
Size
1.4 MB (1393101 bytes)
Hash
81ca0efcd77c8894cf1d3075673e116e
17bab2e235cd692564de7b0c443fbad1e49fd3dc
e29378ec7429032e963451e04c1229968492f19c17fa26dccfe6e5eea23a1d1a

HTTP Headers

GET /main-static/08375d4a/desktop/default/vendors/app-ec574fc5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c23b163a558cecbcf2d9b5a37456ad8c-5de483f0869b1643-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"81ca0efcd77c8894cf1d3075673e116e"
x-amz-meta-mtime: 1749548388.298267315
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:18 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83407
cache: HIT
x-cached-since: 2025-06-10T09:56:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_6a01da31413a934909ba5593d538384f.json

185.244.209.62

200 OK

137 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_6a01da31413a934909ba5593d538384f.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
137 kB (137065 bytes)
Hash
d95f7c3961a1921abb08c7b4834392a3
01cc201a2a88ea2cdea2459a889d78b8c7bb5c7c
e77b2618955523468752f00e790d20de7435951605716d5257826847c0d2b297

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_6a01da31413a934909ba5593d538384f.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json; charset=utf-8
traceparent: 00-0ab27febc7d7f36b5c1ba96cbd74941f-0584264ec967d82e-01
last-modified: Mon, 09 Jun 2025 10:06:46 GMT
etag: W/"d95f7c3961a1921abb08c7b4834392a3"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 09 Jun 2025 11:40:12 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 864
cache: HIT
x-cached-since: 2025-06-11T08:52:06+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/48593960336c3075164f79d77fe845c4.json

185.244.209.62

200 OK

747 B

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/48593960336c3075164f79d77fe845c4.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
747 B (747 bytes)
Hash
f4e90636ec9cff061c4301b3cefdd0d6
c506efe9c3672c58434ea10021dab0ad81b1ad98
30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/48593960336c3075164f79d77fe845c4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
content-length: 747
traceparent: 00-2ea7b6ba5a6c95e95c61448ed7bd0135-602a1f95c5af5ba5-01
last-modified: Thu, 27 Feb 2025 13:27:57 GMT
etag: "f4e90636ec9cff061c4301b3cefdd0d6"
expires: Wed, 11 Jun 2025 10:06:30 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/3269ef480c0b8ea6baff7a6c347f07f7.json

185.244.209.62

200 OK

1.3 kB

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/3269ef480c0b8ea6baff7a6c347f07f7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.3 kB (1342 bytes)
Hash
499d57f89b2bf5fed52d984d865fd72c
f3dd138886f2c1e257d3ac2214b7e3cba57e56b2
9467cf5576ce2a97d9e44e53915a9c4ae529c134cc1ea5a3c62ea304eebda0c8

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/3269ef480c0b8ea6baff7a6c347f07f7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
traceparent: 00-70dc18988db4254c316d413a81ff3861-419b4a90db59ac54-01
last-modified: Thu, 27 Feb 2025 08:18:57 GMT
etag: W/"499d57f89b2bf5fed52d984d865fd72c"
content-encoding: gzip
expires: Wed, 11 Jun 2025 10:06:31 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
X-Firefox-Spdy: h2

POST 1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json

178.253.14.230

200 OK

2 B

URL POST
1xlite-446241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: e4622f90-2eab-404a-9a2b-c9e06b55e789
Content-Length: 19
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280; che_g=9c0fac70-502e-1195-4d30-7cbebc52fe2c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: application/json
content-length: 2
x-dt: 1258
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.009, wf-uht;dur=0.013
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css

185.244.209.62

200 OK

11 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (11072)
Size
11 kB (11073 bytes)
Hash
3d3e04f603cc58802ff96240abbdc3aa
e7e6a5d59c97236922354b40d288736f034a1ce3
611f7a963cd4aa278f1ba51f2401247df8c658929b76bfdce45bec08be83d7bd

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:29 GMT
content-type: text/css; charset=utf-8
traceparent: 00-5f0bae3234db7bea11efadea68088f3b-cd36fcc8184d0540-01
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"3d3e04f603cc58802ff96240abbdc3aa"
x-amz-meta-mtime: 1748957395.671592023
content-encoding: gzip
expires: Wed, 04 Jun 2025 15:52:52 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 61425
cache: HIT
x-cached-since: 2025-06-10T16:02:44+00:00
X-Firefox-Spdy: h2

GET radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

390 B

URL GET
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
FingerprintA2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
ValidityFri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
390 B (390 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Jun 2025 09:06:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Wed, 25 Jun 2025 09:06:41 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:40 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-23b740819f1f7435118a5d23fc955493-6e0e10b848d62653-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2911
cache: HIT
x-cached-since: 2025-06-11T08:18:09+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-446241.top/seo-module-api/api/public/v1/analytics-counters?project[id]=1258&domain[host]=1xlite-446241.top

178.253.14.230

200 OK

11 B

URL GET
1xlite-446241.top/seo-module-api/api/public/v1/analytics-counters?project[id]=1258&domain[host]=1xlite-446241.top
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JSON text data
Size
11 B (11 bytes)
Hash
e0234245cb00aa260ccfa99a9a0b235e
1050253aec7b29caff644806927dabfa81406eee
8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?project[id]=1258&domain[host]=1xlite-446241.top HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
content-length: 11
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en35b8564af43c1302eac9a53676625934
age: 440
x-request-id: cec23002d92907d14b66aaaf4200daa8
x-request-guid: cec23002d92907d14b66aaaf4200daa8
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.1379718780518, wf-uht;dur=0.011
X-Firefox-Spdy: h2

GET 1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-2be23b5382.js

178.253.14.230

200 OK

21 kB

URL GET
1xlite-446241.top/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-2be23b5382.js
IP
178.253.14.230:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-446241.top
FingerprintE4:92:BE:BA:35:7C:95:77:03:ED:E9:CD:D0:F5:4B:0A:C0:31:E8:76
ValidityMon, 19 May 2025 05:20:46 GMT - Sun, 17 Aug 2025 05:20:45 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20628)
Size
21 kB (21168 bytes)
Hash
e98587d7f0e87ddb1c14109e11bcaf6c
73614df1bfaace32f60e177269be8aa2e66cc5f2
eb2e63442142d4911f42925b84270df0223ec8fe25a9c33007c5a43914822c22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-2be23b5382.js HTTP/1.1
Host: 1xlite-446241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder; postback_watcher=%7B%22tag%22%3A%22d_131637m_14249c_%5B%5DMS%5B%5Dnull%5B%5DPB_WL%5B%5Dgeneral%5B%5D74406480_d27082_l192912_clickunder%22%2C%22pb%22%3A%227cb13d3f9d3046d5bffca6ca03342b50%22%2C%22click_id%22%3A%227633fd497d2870456da38e05b856bc32%22%7D; auid=sv0O5mhJRxWDDy9wAwVuAg==; window_width=1280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 03 Jun 2025 13:34:38 GMT
etag: W/"e98587d7f0e87ddb1c14109e11bcaf6c"
x-amz-meta-mtime: 1748957395.670591926
content-encoding: br
expires: Thu, 12 Jun 2025 09:06:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.013
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:40 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-fcd0fd960e7232cb931c4979eab645e9-cc7e467c36aca66b-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1428
cache: HIT
x-cached-since: 2025-06-11T08:42:52+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_0aa4860ccc2744faf01bc75a665816ba.json

185.244.209.62

200 OK

22 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_0aa4860ccc2744faf01bc75a665816ba.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (21025), with no line terminators
Size
22 kB (21516 bytes)
Hash
40f1eca8c7d8788011c1bdab4ae9a905
6601c2015f84897f86b2f2d0475ef1f7b7a9902c
0c87ecbcdfb4d3400ddeb4fec25656bda85142e47975ef1432df68d9c3cd9161

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_0aa4860ccc2744faf01bc75a665816ba.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json; charset=utf-8
traceparent: 00-48919a77cf25c949235c86bd0f454268-077492fdfeb27561-01
last-modified: Tue, 10 Jun 2025 16:06:35 GMT
etag: W/"6e8274ab177abc73a33cf2896d1da411"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 10 Jun 2025 17:40:13 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1006
cache: HIT
x-cached-since: 2025-06-11T08:49:44+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/runtime-c8f2b1d0.js

185.244.209.62

200 OK

19 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/runtime-c8f2b1d0.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19374), with no line terminators
Size
19 kB (19374 bytes)
Hash
079c6abd2b1d392d87b4b97da9581307
36d0d2c97b4807e10f634699f3625e48d1d400db
af602b71afa6251f7533b796cc560e6c5cd6a040f6a6bb3910a1e006b6332eed

HTTP Headers

GET /main-static/08375d4a/desktop/default/runtime-c8f2b1d0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-087aafd60615942aa92a61cbc36189a8-3545b1c06a012044-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"079c6abd2b1d392d87b4b97da9581307"
x-amz-meta-mtime: 1749548388.294267277
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:18 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83407
cache: HIT
x-cached-since: 2025-06-10T09:56:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/app-d2bf747a.js

185.244.209.62

200 OK

507 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/app-d2bf747a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
507 kB (506840 bytes)
Hash
3c68f3118cc76c8016a522a42675b9ec
66e61e7b9d6427c59f294843dbd7bb2bfc5a86e1
692f1f3bfee008b9bfb0f57993cf262825186c666f0a4a22c3332b6aecfb1485

HTTP Headers

GET /main-static/08375d4a/desktop/default/app-d2bf747a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-855c33cac0893f5f7258ce30e44e8354-07ee8e81b8845738-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"3c68f3118cc76c8016a522a42675b9ec"
x-amz-meta-mtime: 1749548388.286267201
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:18 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83407
cache: HIT
x-cached-since: 2025-06-10T09:56:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.vue-js-modal-bb69fbba.js

185.244.209.62

200 OK

27 kB

URL GET
v3.traincdn.com/main-static/08375d4a/desktop/default/vendors/plugins.vue-js-modal-bb69fbba.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26667), with no line terminators
Size
27 kB (26667 bytes)
Hash
95c7e2ba03a2cb96ea5c6fd758291944
59e50efaae4e75111f0515342f551040a643ff0e
a9afd30210e183815589556664dc2409819fbb51a111683f873b866704bd9bbd

HTTP Headers

GET /main-static/08375d4a/desktop/default/vendors/plugins.vue-js-modal-bb69fbba.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-aeae595b338e9b1314105eb81c6ed0d9-2270e5f9e9ee80c8-01
last-modified: Tue, 10 Jun 2025 09:39:50 GMT
etag: W/"95c7e2ba03a2cb96ea5c6fd758291944"
x-amz-meta-mtime: 1749548388.298267315
content-encoding: gzip
expires: Wed, 11 Jun 2025 09:55:19 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 83406
cache: HIT
x-cached-since: 2025-06-10T09:56:24+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/766b34ab6b77ad5d1bb966ea7bf6c157.json

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/genfiles/cms/1-1258/desktop/media_asset/766b34ab6b77ad5d1bb966ea7bf6c157.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
14 kB (14232 bytes)
Hash
811ce3b7877d19901e45430cb6523d62
16a905115a678fdef3923f91c6f76cbab613e84d
10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb

HTTP Headers

GET /genfiles/cms/1-1258/desktop/media_asset/766b34ab6b77ad5d1bb966ea7bf6c157.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-446241.top/
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: application/json
traceparent: 00-1cd931e067e94f5b6e27e9ac5330e859-39e90ccc69d0f901-01
last-modified: Thu, 27 Feb 2025 09:05:23 GMT
etag: W/"811ce3b7877d19901e45430cb6523d62"
content-encoding: gzip
expires: Wed, 11 Jun 2025 10:06:30 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png

185.244.209.62

200 OK

5.2 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-446241.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:31 GMT
content-type: image/png
content-length: 5202
traceparent: 00-13afd9c847a3fbc117e4828ca5103685-fbda4ffae999bec2-01
last-modified: Wed, 26 Jun 2024 08:22:59 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
expires: Thu, 16 Jan 2025 11:18:57 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2138
cache: HIT
x-cached-since: 2025-06-11T08:30:53+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-446241.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-446241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 11 Jun 2025 09:06:30 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-64fa8b7925b13652f1aec872dabec756-4f040763dcf65266-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2901
cache: HIT
x-cached-since: 2025-06-11T08:18:09+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (49)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML